Re: [mod-security-users] Controlling ModSecurity dynamically : Is MODSEC_ENABLE and MODSEC_NOPOSTBUFFERING working in modsecurity2

[Josh Amishav-Z. <jo...@wa...>]

On Thu, 2013-12-19 at 18:55 +0530, Yogesh patel wrote:
> I got one example to skip multipart request in mod security.
> 
> 
> SetEnvIfNoCase Content-Type \
> "^multipart/form-data;" "MODSEC_NOPOSTBUFFERING=Do not buffer file
> uploads"
> 
> 
> I tried a lot with above example . It seems that it will not work.
> Will it work in modsecurity2?


Hi Yogesh,

There are two things to note here. First, that syntax will not work in
ModSec2. Secondly, I would strongly suggest against disabling
ModSecurity for **all** multipart/form-data requests. Ideally you would
research the exact cause within ModSecurity that is preventing the file
upload status bar from working. From my experience this is usually
simply a matter of tweaking your ruleset. If that is not a possibility,
the next step is to disable ModSecurity just for the offending request.
For example, if the URI was /FileUpload.php, you could use a rule such
as the following at the beginning of your ruleset:

SecRule REQUEST_URI "fileupload.php"
"id:1,phase:1,t:none,t:lowercase,nolog,allow,chain"
  SecRule REQUEST_METHOD POST "ctl:ruleEngine=Off,ctl:auditEngine=Off"


Josh Amishav-Zlatin

CTO | WAFSEC
The WAF is free, your time isn't