Re: [mod-security-users] 2.8.0 modifying requests on iis in detection only
From: Felipe C. <FC...@tr...> - 2014-07-10 13:18:18
Hi Jeff,

Do you mind opening an issue on GitHub giving more details about your current setup?

https://github.com/SpiderLabs/ModSecurity/issues

Br.,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

From: Jeff Jacob <Jef...@na...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Wednesday, July 9, 2014 5:36 PM
To: "'mod...@li...'" <mod...@li...>
Subject: [mod-security-users] 2.8.0 modifying requests on iis in detection only

I've installed ModSecurity IIS 2.8.0 and have SecRuleEngine DetectionOnly

My modsecurity_iis.conf looks like:

    Include modsecurity.conf
    #Include modsecurity_crs_10_setup.conf
    #Include owasp_crs\base_rules\*.conf
    #Include Nanaimo_whiteList.conf

But it's still doing something to my requests.

I'm submitting a request from an ms ajax update panel that ms magic should respond to with something like

    1|#||4|15978|updatePanel|ContentPlaceHolder1_objUpdate| <div>

But I'm getting raw HTML

If I comment the first line (Include modsecurity.conf) my app works as expected.

I noticed that when it works it also returns text/plain not text/html

Is it possible modsecurity could be modifying the request at all with the base rules in DetectionOnly mode?

--
Jeff Jacob
Applications Analyst
Information Technology
City of Nanaimo