Re: [mod-security-users] Pattern match
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Pattern match
|
From: Christian B. <ch...@jw...> - 2007-10-28 18:44:28
|
Hi Randy,
you can for example just disable that rule for that specific location.
Simply add
<Location "/archives/teamaros">
SecRemoveRuleById 97013
</Location>
somewhere AFTER the inclusion of the core-rules to your config. This
should exclude the specified rule from being evaluated for that location.
As judged from your log-message this rule seems to detect
directory-listings which might refer to a information leakage.
Just as a side-note: This works since the rule 970013 is a phase-4 rule
and the location-specific directives (see above) are evaluated in
phase-2. Removal of phase-1 or phase-2 rules from a specific location is
a bit more tricky...
Regards,
Chris
randy vice schrieb:
> I attempted to sent an email to this ML couple of days ago, not sure if it
> arrived. If this is a repeat, excuse me.
>
> When I upgraded to FC7 x86_64, I installed mod security. I am unable to
> access my archives pages from different mailing lists. tail of the
> error_log shows:
>
> [Sun Oct 28 08:32:02 2007] [error] [client 192.168.0.2] ModSecurity:
> Access denied with code 403 (phase 4). Pattern match "(?:>\\\\[To Parent
> Directory\\\\]<\\\\/[Aa]><br>|<title>Index of.*?<h1>Index of)" at
> RESPONSE_BODY. [id "970013"] [msg "Directory Listing"] [severity
> "WARNING"] [hostname "www.thenostromo.com"] [uri "/archives/teamaros/"]
> [unique_id "xUxzxn8AAAEAAHwM5x8AAAAG"]
>
> Is there a way to add site dirs to mod_security and if so, how? Or do I
> need to do something else.
>
> Thanks!
>
> Randy
>
>
>
|