From: Ivan Ristic <ivanr@we...> - 2005-11-26 18:11:50
> on 11/24/05 6:42 AM, Ivan Ristic at ivanr@... wrote:
>>>I am running Mac OS X Tiger. When I attempt to connect to my webdav folder I
>>>cannot. The 2 secfilters blocking me are as follows...
>>># Only accept request encodings we know how to handle
>>># we exclude GET requests from this because some (automated)
>>># clients supply "text/html" as Content-Type
>>>Is there any changes I can make to the secfilter syntax so webdav will work,
>>>BUT not opening up possible exploit paths?
>> The only thing you can do is disable those two rules selectively,
>> for the WebDAV areas. The attacks they are guarding against are
>> not effective for WebDAV anyway.
> How would I write a rule so that is will only apply those rules if the
> request DOES NOT CONTAIN '/ical' or '/dav' ?
Try something like this:
SecFilterSelective REQUEST_URI "!^(/ical|/dav)" chain
SecFilterSelective ... whatever you want here
There are other ways... and they are all documented in the manual.
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org