Re: [mod-security-users] Controlling ModSecurity dynamically : Is MODSEC_ENABLE and MODSEC_NOPOSTBU
From: Josh Amishav-Z. <jo...@wa...> - 2013-12-19 15:41:02
On Thu, 2013-12-19 at 18:55 +0530, Yogesh patel wrote:
> I got one example to skip multipart request in mod security.
>
> SetEnvIfNoCase Content-Type \
> "^multipart/form-data;" "MODSEC_NOPOSTBUFFERING=Do not buffer file uploads"
>
> I tried a lot with above example. It seems that it will not work.
> Will it work in modsecurity2?

Hi Yogesh,

There are two things to note here. First, that syntax will not work in ModSec2. Secondly, I would strongly suggest against disabling ModSecurity for **all** multipart/form-data requests.

Ideally you would research the exact cause within ModSecurity that is preventing the file upload status bar from working. From my experience this is usually simply a matter of tweaking your ruleset. If that is not a possibility, the next step is to disable ModSecurity just for the offending request. For example, if the URI was /FileUpload.php, you could use a rule such as the following at the beginning of your ruleset:

SecRule REQUEST_URI "fileupload.php" "id:1,phase:1,t:none,t:lowercase,nolog,allow,chain"
    SecRule REQUEST_METHOD POST "ctl:ruleEngine=Off,ctl:auditEngine=Off"

Josh Amishav-Zlatin
CTO | WAFSEC
The WAF is free, your time isn't
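Added example, not part of the message above or of the ModSecurity project's code: one way to research which rules fire on the upload request before writing an exception is to tally rule ids per URI from the audit log. It assumes the ModSecurity 2 serial audit log layout with parts A, B, H and Z enabled; the function name `rules_hit`, the sample log, its rule ids (900001 to 900003), transaction ids and addresses are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the ModSecurity 2 serial audit-log layout (parts A, B, H, Z).
SAMPLE_LOG = """\
--a1b2c3d4-A--
[19/Dec/2013:15:41:02 +0000] CONSTRUCTEDID0001 192.0.2.10 51234 192.0.2.20 80
--a1b2c3d4-B--
POST /FileUpload.php HTTP/1.1
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Constructed. [id "900001"]
Message: Warning. Constructed. [id "900002"]
--a1b2c3d4-Z--

--e5f6a7b8-A--
[19/Dec/2013:15:41:05 +0000] CONSTRUCTEDID0002 192.0.2.10 51240 192.0.2.20 80
--e5f6a7b8-B--
GET /index.php HTTP/1.1
--e5f6a7b8-H--
Message: Warning. Constructed. [id "900003"]
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")  # section separator line
RULE_ID = re.compile(r'\[id "(\d+)"\]')                  # rule id inside a Message: line

def rules_hit(log_text, uri_fragment, method="POST"):
    """Count rule ids logged for transactions whose method and URI match."""
    hits = Counter()
    part, request_line, ids = None, "", []
    for line in log_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            part = m.group(2)
            if part == "A":        # start of a new transaction: reset state
                request_line, ids = "", []
            elif part == "Z":      # end of transaction: keep ids if it matched
                fields = request_line.split()
                if (len(fields) >= 2 and fields[0] == method
                        and uri_fragment in fields[1].lower()):
                    hits.update(ids)
            continue
        if part == "B" and not request_line and line:
            request_line = line    # first line of part B is the request line
        elif part == "H" and line.startswith("Message:"):
            ids.extend(RULE_ID.findall(line))
    return hits

if __name__ == "__main__":
    print(rules_hit(SAMPLE_LOG, "fileupload.php"))
```

The ids it reports are the candidates for a targeted ruleset tweak, which keeps the rest of the engine active for that URI.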