Thanks for the update.

Do you know if there is an anticipated release date for 2.7.2? or if there is a simple patch I could apply to 2.7.1 to fix this?




From: Breno Silva []
Sent: Friday, December 14, 2012 5:36 PM
To: Paul Beckett (ITCS)
Subject: Re: [mod-security-users] SecUploadFileMode not working in 2.7.1




SecUploadFileMode in modsecurity 2.7.x is broken. However it is already fixed for 2.7.2.





On Fri, Dec 14, 2012 at 7:56 AM, Paul Beckett (ITCS) <> wrote:

In my mod-security config, I am setting the file mode as follows:


SecUploadFileMode 0640


This worked fine for me in ModSecurity 2.6.8, giving the expected permission set:

-rw-r----- 1 web_apache_sa clamav 3164 Dec 14 13:47 20121214-134722-UMst6oveeK0AAB22NP0AAADI-file-OhLOox


Today I upgraded to ModSecurity 2.7.1 (built from source), I now get:

-rw------- 1 web_apache_sa clamav 3164 Dec 14 13:31 20121214-133123-UMsqK4veeK0AAAxoz2AAAAAS-file-ICjJbM


Thinking this was probably something I’d done wrong (as I’m new to mod_security), I rebuilt mod_security 2.6.8 with exactly the same settings as I’d built 2.7.1, and this results in the files having the file permissions I expected.


Does anyone know if this is a bug? The only thing I can find in JIRA is MODSEC-247 , where release 2.6.1 appeared to have this issue, but this was fixed. Or is there some specification change I’ve missed that I should be doing something differently?


Thanks for taking the time to read this,



LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: