Just Launched: You can now import projects and releases from Google Code onto SourceForge
We are excited to release new functionality to enable a 1-click import from Google Code onto the Allura platform on SourceForge. You can import tickets, wikis, source, releases, and more with a few simple steps. Read More
When I turned SecFilterScanPOST on and tried to send an email with=20
SquirrelMail, mod-sec reported that error. As fas as I know, this error=20
occured due to the fact that SquirrelMail (and many other webmail apps)=20
compose-form has "multipart/form-data" as request encoding even if you dont=
attach files with your email. When mod-sec sees "multipart/form-data", it=
expects to see the long POST_PAYLOAD containing the attachments, and ends u=
with that error when there is no attachment. The quick solution is...to tur=
SecFilterScanPOST off :). How about a real solution? Any suggestion?=20
From: Ivan Ristic <ivanr@we...> - 2005-06-14 18:05:40
Thai Duong wrote:
> Hi guys,
> When I turned SecFilterScanPOST on and tried to send an email with
> SquirrelMail, mod-sec reported that error.
Just that? What is the exact error message you get? Make a test
with debug logging enabled on level 9 - there may be additional
messages in the debug log. However, fatal errors are all logged
to the Apache error log.
> As fas as I know, this error
> occured due to the fact that SquirrelMail (and many other webmail apps)
> compose-form has "multipart/form-data" as request encoding even if you
> dont attach files with your email. When mod-sec sees
> "multipart/form-data", it expects to see the long POST_PAYLOAD
> containing the attachments, and ends up with that error when there is no
No, that's not the problem. It's something else. Are you using
a recent version of mod_security?
I suspect file permissions, but you should find out for sure from
the debug log.
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org