Re: [mod-security-users] Disable local file creation with PUT/POST
Brought to you by:
victorhora,
zimmerletw
From: Reindl H. <h.r...@th...> - 2014-07-22 11:56:56
|
Am 22.07.2014 13:38, schrieb rewt rewt: > I am facing a modsecurity feature i want to remove and i don t know how to proceed. > Indeed, i have setup MS as a reverse proxy to protect a web application. > > In this web application there is big files upload. > > At first file upload was not working and i got errors saying that the SecUploadDir was not defined... > > I created the "SecUploadDir /tmp" in modsecurity-general.conf files and i discovered that each uploaded file was > created in /tmp, which is not possible in my situation as many users upload big files... i would generate a "modsec-upload" on the datadisk where to application finally stores uploads with chmod 1777 because this also avoids one move between filesystems and so is just a atomic rename > What could i do to avoid the "local" file creation in case of files uploaded through PUT/POST ? > Any help would be much appreciated! <LocationMatch "^/(.*)/upload.php"> SecRequestBodyAccess Off </LocationMatch> but be aware that this also disables modsec completly for POST variables - you need that also if you want to implement uploadprogress http://pecl.php.net/package/uploadprogress |