Dear Ryan,


thank you for your reply. But how come if I have mod-Security turned off, it all works perfectly?





Von: Ryan Barnett []
Gesendet: Sonntag, 29. Oktober 2006 18:16
An: Mathias Gisch
Betreff: Re: [mod-security-users] mod_security mod_rewrite Problem


I understand the problem - when your mod_rewrite rule triggers, the browser changes the request method from POST to GET since your rewrite rule is sending a redirect to the browser.  You should try and update your rule so that it does NOT use an absolute URL or try and use the Proxy action [P] in mod_rewrite to get the client to the right file (as the proxy action would maintain the request method).


This has nothing to do with modsecurity.


Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
Author: Preventing Web Attacks with Apache


On 10/29/06, Mathias Gisch <> wrote:

Hi everybody,


I am using mod_security for the first time. However, I have the following problem in combination with mod_rewrite:


I have a form which posts data via the POST-Method to signup.html. The rewrite enigne rewrites signup.html to index.php?op=news&do=signup. The problem now is that after the rewrite the POST-Data won't arrive at the php script. If i have my form post directly to index.php?op=news&do=signup it works perfectly.


I would aprreciate any help.


Best regards,



Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo

mod-security-users mailing list