Re: [mod-security-users] Pattern match
Brought to you by:
victorhora,
zimmerletw
From: Christian B. <ch...@jw...> - 2007-10-28 18:44:28
|
Hi Randy, you can for example just disable that rule for that specific location. Simply add <Location "/archives/teamaros"> SecRemoveRuleById 97013 </Location> somewhere AFTER the inclusion of the core-rules to your config. This should exclude the specified rule from being evaluated for that location. As judged from your log-message this rule seems to detect directory-listings which might refer to a information leakage. Just as a side-note: This works since the rule 970013 is a phase-4 rule and the location-specific directives (see above) are evaluated in phase-2. Removal of phase-1 or phase-2 rules from a specific location is a bit more tricky... Regards, Chris randy vice schrieb: > I attempted to sent an email to this ML couple of days ago, not sure if it > arrived. If this is a repeat, excuse me. > > When I upgraded to FC7 x86_64, I installed mod security. I am unable to > access my archives pages from different mailing lists. tail of the > error_log shows: > > [Sun Oct 28 08:32:02 2007] [error] [client 192.168.0.2] ModSecurity: > Access denied with code 403 (phase 4). Pattern match "(?:>\\\\[To Parent > Directory\\\\]<\\\\/[Aa]><br>|<title>Index of.*?<h1>Index of)" at > RESPONSE_BODY. [id "970013"] [msg "Directory Listing"] [severity > "WARNING"] [hostname "www.thenostromo.com"] [uri "/archives/teamaros/"] > [unique_id "xUxzxn8AAAEAAHwM5x8AAAAG"] > > Is there a way to add site dirs to mod_security and if so, how? Or do I > need to do something else. > > Thanks! > > Randy > > > |