Re: [mod-security-users] SecFilterScanOutput and mod_include (SSIs) not behaving together
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iva...@gm...> - 2006-04-25 14:05:29
|
That problem was fixed in 1.9.3. A list of known and fixed issues is available in Thinking Stone Network: https://www.thinkingstone.com/tsn/ (free registration, no spam). On 4/25/06, Ryan Boyd <rb...@ri...> wrote: > > > modsecurity: 1.9.2 > apache: 2.2.0 > > I have some sites that use SSIs for doing virtual and file includes. Th= ese > work fine under mod_security so long as SecFilterScanOutput is not enable= d. > As soon as SecFilterScanOutput is 'on' (even with no OUTPUT filters), the= se > SSIs fail to include the appropriate data. I can tell from the error logs > that the includes are being processed and the virtual includes are actual= ly > being requested through the server (can see debug output from mod_rewrite= ), > but the final results of those includes are never actually included in th= e > output from the server when SecFilterScanOutput is on. Looking at the > modsecurity debug output doesnt seem to reveal anything exciting that hel= ps > towards solving this problem. > > Has anyone experienced this problem? Or have further hints as to what I > can look at to resolve this or at least track it down further? > > Thanks, > > -Ryan > -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |