Thread: [mod-security-users] Installation of ModSecurity 2.1.1
Brought to you by:
victorhora,
zimmerletw
From: mike w. <sil...@gm...> - 2007-08-19 10:33:43
|
I am new to this mod-security, I am new to configuring and using the Apache 2.0.x server, I am using Debian 4 Etch, is there a "special" place to install the mod_unique_id ? I have searched using Google and have yet to confirm there is a recommended location I am thinking this is up to the administrator and is determind by his logical choice. thanking you in advance for your reply. |
From: donnydark <don...@gm...> - 2007-08-30 18:47:57
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title></title> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"> <meta http-equiv=3D"Content-Style-Type" content=3D"text/css"> <style type=3D"text/css"><!-- body { margin: 5px 5px 5px 5px; background-color: #ffffff; } /* =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Text Styles =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D */ hr { color: #000000} body, table /* Normal text */ { font-size: 9pt; font-family: 'Courier New'; font-style: normal; font-weight: normal; color: #000000; text-decoration: none; } span.rvts1 /* Heading */ { font-size: 10pt; font-family: 'Arial'; font-weight: bold; color: #0000ff; } span.rvts2 /* Subheading */ { font-size: 10pt; font-family: 'Arial'; font-weight: bold; color: #000080; } span.rvts3 /* Keywords */ { font-size: 10pt; font-family: 'Arial'; font-style: italic; color: #800000; } a.rvts4, span.rvts4 /* Jump 1 */ { font-size: 10pt; font-family: 'Arial'; color: #008000; text-decoration: underline; } a.rvts5, span.rvts5 /* Jump 2 */ { font-size: 10pt; font-family: 'Arial'; color: #008000; text-decoration: underline; } span.rvts6 { font-size: 11pt; font-family: 'tahoma'; font-weight: bold; color: #ffffff; background-color: #0000ff; } span.rvts7 { font-size: 11pt; font-family: 'tahoma'; } span.rvts8 { font-size: 8pt; font-family: 'arial'; font-style: italic; color: #c0c0c0; } a.rvts9, span.rvts9 { font-size: 8pt; font-family: 'arial'; color: #0000ff; text-decoration: underline; } /* =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Para Styles =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D */ p,ul,ol /* Paragraph Style */ { text-align: left; text-indent: 0px; padding: 0px 0px 0px 0px; margin: 0px 0px 0px 0px; } .rvps1 /* Centered */ { text-align: center; } --></style> </head> <body> <p>Hello,</p> <p><br></p> <p>I want to have all these core rules which block many attacks </p> <p>but at the same time I want to have them NOT be applied to a</p> <p>certain ARG of a certain SCRIPT.</p> <p><br></p> <p>For example I have a blog where there is /newpost.php script. </p> <p>The person's message is post'ed through arg "message". </p> <p><br></p> <p>I have seen in documentation reference to !ARG:message. But <= /p> <p>I do not understand how to apply this globally, so that none</p> <p>of the rules will affect my message argument of newpost.php.</p> <p><br></p> <p>Could you please teach me an example of how to exempt a </p> <p>script+arg globally, so that my users may post anything they</p> <p>want within the message field? (let me worry about xss within</p> <p>this one field please, i want people to be able to post xss</p> <p>examples if need be, and so on! my php code will do the work </p> <p>of sanitizing for this one field)</p> <p><br></p> <p>thank you!</p> <p><br></p> <p><br></p> <p><br></p> <p><span class=3Drvts8>-- </span></p> <p><span class=3Drvts8>Best regards,</span></p> <p><span class=3Drvts8> donnydark &= nbsp; </span><a clas= s=3Drvts9 href=3D"mailto:don...@gm...">mailto:don...@gm...</a= ></p> </body></html> |