[mod-security-users] Trouble with inspectFile
From: hanj <ma...@as...> - 2007-05-10 19:55:56
On Sat, 24 Feb 2007 10:41:18 +0530 <Aru...@co...> wrote:

> Hi Ariel
>
> We can use shell script to inspect the files....can you tell me in secdefaultaction what phase you have applied...generally inspect upload files will run only in phase 2
>
> In our environment I use the below rule to inspect the file
> SecTmpDir /tmp
> SecRule FILES_TMPNAMES "@inspectFile /bin/uploadparse.sh" "phase:2,log,deny,t:none"
> SecUploadKeepFiles On
>
> One more problem I am facing in the above rule is if I turn Off the SecUploadKeepFiles then inspect files is not running...regarding this issue I sent out a mail to this group but I have not got any reply.
>
> Regards,
> Arun

Hello

I just recently updated to 2.1.1 from 1.9.4 and no matter what I can't get my approver script to be executed by mod_sec. I tried with both SecUploadKeepFiles On and Off, nothing happens with both. I added ctl:debugLogLevel=9 and nothing shows up in my modsec_debug.log. All other rule handling seems to work as expected, but sending 'good' and 'bad' files.. they all are being uploaded to the server. It almost appears that mod_sec is not executing the file at all.

I'm also using mod_chroot and the environment is chroot'd. My approver script and associated binaries are in the jail.

SecRule FILES_TMPNAMES "@inspectFile /approver/file.sh" \
"t:none,ctl:debugLogLevel=9"

I also tried

SecRule FILES_TMPNAMES "@inspectFile /approver/file.sh" "phase:2,log,deny,t:none"

Nothing happens with either change and the file is successfully uploaded.

Here are my relevant packages:
apache-2.0.58-r2
mod_security-2.1.1
mod_chroot-0.4

I also noticed if I move file.sh to file.sh.dump, it doesn't even complain that it's not there. I rolled back to mod_security-1.9.4 to verify that approver script is readable/executable in the chroot, and it worked flawlessly.

It has to be something simple.

Thanks for your help!!!!
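
An added example, not part of the original message or of the ModSecurity distribution: a minimal approver script for the @inspectFile rules quoted above that records every invocation, so a rule that never runs the script can be told apart from a script that runs and approves. The trace-log path and the magic-byte policy are assumptions; ModSecurity approves a file only when the first character of the script's output is 1.

```shell
#!/bin/sh
# Hypothetical approver script for @inspectFile (added example).
# Contract: print one line to stdout. A leading "1" approves the upload;
# any other first character makes the rule match (and "deny" fire).

# Assumed path; it must be writable by the Apache user inside the chroot.
TRACE_LOG="${TRACE_LOG:-/tmp/approver-trace.log}"

inspect_file() {
    f="$1"

    # Trace every call. An empty log after a test upload means the script
    # was never executed, as opposed to executed and returning "1".
    echo "$(date '+%Y-%m-%d %H:%M:%S') inspect file=$f" 2>/dev/null >> "$TRACE_LOG" || true

    # Fail closed: an unreadable or missing temp file is rejected.
    if [ -z "$f" ] || [ ! -r "$f" ]; then
        echo "0 cannot read upload: $f"
        return 0
    fi

    # First four bytes as lowercase hex, e.g. "7f454c46" for ELF.
    magic=$(dd if="$f" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')

    # Assumed sample policy: reject native executables and shebang scripts.
    case "$magic" in
        7f454c46) echo "0 ELF executable rejected" ;;
        4d5a*)    echo "0 PE/DOS executable rejected" ;;
        2321*)    echo "0 script with shebang rejected" ;;
        *)        echo "1 OK" ;;
    esac
}

# ModSecurity passes the temporary file name as the first argument.
if [ "$#" -gt 0 ]; then
    inspect_file "$1"
fi
```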