I am tuning mod_security 1.8.7 on Red Hat 3.0 Upgrade 5 (2.4.21-32.ELsmp) + Apache 2.0.54 + webmail (uebimiau).


From my own webmail, when sending a message, if a string entered in the configuration file appears in the body of the message, the message is rejected. For example:


In file mod_security.conf:


SecFilterDefaultAction "deny,log,status:403"
. . . . .
. . . . .
SecFilter /bin/chmod


In the body of the mail message:

“this is a example for the string /bin/chmod”


This generates the following log:

Request: - - [28/Oct/2005:10:48:06 +0200] "POST /webmail/newmsg.php HTTP/1.0" 403 220
Handler: php-script

POST /webmail/newmsg.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://correo.pruebas.es/webmail/newmsg.php?pag=1&folder=inbox&sid={4361E2260EA50-4361E2261386F-1130488358}&tid=0&lid=0
Accept-Language: es
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
Host: correo.cajamar.es
Content-Length: 363
Cache-Control: no-cache
Cookie: {4361E2260EA50-4361E2261386F-1130488358}=%7B4361E2260EA50-4361E2261386F-1130488358%7D
mod_security-message: Access denied with code 403. Pattern match "/bin/chmod" at POST_PAYLOAD
mod_security-action: 403

HTTP/1.0 403 Forbidden
Content-Length: 220
Connection: close
Content-Type: text/html; charset=iso-8859-1

1) Is it possible to prevent mod_security from verifying the body of the message?

2) Is it coherent to use mod_security with a webmail? I have not found any positive or negative reference.


Many thanks for your help.




Tomás Hidalgo Salvador
Dpto. Sistemas Unix
DSF Almariya
Almeria – Andalucia - Spain