On Mon, Dec 22, 2008 at 1:41 PM, j k <jonnykent@gmail.com> wrote:

I searched the list via the SourceForge search function to research similar problems but did not find an answer.

I've just installed mod_security 2.5.7 and ClamAV on a Gentoo Linux server running Apache 2.2 with a view to scanning files uploaded via a PHP script.

Here's my very basic mod_security config:
 egrep -v "^$|^#"  /etc/apache2/modules.d/mod_security/10_config.conf
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,log,pass,status:500"
SecUploadDir /var/www/localhost/uploads_mod_security
SecUploadKeepFiles On
 SecRule FILES_TMPNAMES "@inspectFile /var/www/localhost/perl/modsec-clamscan.pl" \
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^[45]"
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecAuditLogParts "ABIFHZ"

SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDebugLog             /var/log/apache2/modsec_debug.log
SecDebugLogLevel        5
SecDataDir /var/www/localhost/mod_security/SecDataDir
SecTmpDir /var/www/localhost/mod_security/SecTmpDir
SecRule RESPONSE_STATUS "!^(?:30[12]|[45]\d\d)$" "phase:3,pass,nolog,initcol:resource=%{REQUEST_FILENAME}"

To go along with that I created
all with permissions 0770 during development on a dev only server

I can see that the files are being uploaded and processed as they end up in

but they don't end up where they normally would, in the normal upload directory for PHP scripts, that is, $_FILES['upload']['tmp_name'], and the move from there fails since the file doesn't arrive there after the scan.
For instance, PHP is looking for a file named /var/www/localhost/uploads_as/phpIc1CXj after one such upload, so $_FILES['upload'] is pointing at /var/www/localhost/uploads_as as defined in the php.ini file.

The server is configured with apache being a member of a group that has read-write permissions to all those folders.

Here's the last line from the log where it copies over the file:
[22/Dec/2008:13:23:42 --0800] [mywebsite/sid#12859288][rid#12c9c510][/utst.php][4] Input filter: Moved file from "/var/www/localhost/mod_security/SecTmpDir/20081222-132342-SVAFXoTvDDcAAGTZBW4AAAAA-file-jZ3Wva" to "/var/www/localhost/uploads_mod_security/20081222-132342-SVAFXoTvDDcAAGTZBW4AAAAA-file-jZ3Wva".

And here's that file moved there:
-rw------- 1 apache apache 272 Dec 22 13:23 20081222-132342-SVAFXoTvDDcAAGTZBW4AAAAA-file-jZ3Wva

In case it was causing problems, I tried setting SecUploadFileMode 0660, but Apache did not like that:
/etc/init.d/apache2 restart
 * Stopping apache2 ...
Syntax error on line 152 of /etc/apache2/modules.d/mod_security/10_config.conf:
Invalid command 'SecUploadFileMode', perhaps misspelled or defined by a module not included in the server configuration                                   [ ok ]
 * Apache2 has detected a syntax error in your configuration files:
Syntax error on line 152 of /etc/apache2/modules.d/mod_security/10_config.conf:
Invalid command 'SecUploadFileMode', perhaps misspelled or defined by a module not included in the server configuration
That's a little odd since that flag is mentioned in the docs.

I know it's getting close to holiday time, but if you could give me a little guidance I'd much appreciate it.


OOPS! Scratch all that. It works now. I had not yet created the destination folder that the files were copied to. (duh!) My apologies for posting too soon :(
Thank you mod_security team for a great product.
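
The failure described in the message above, a directory that did not exist yet, can be caught before testing uploads. The following shell check is an added example, not part of the original post or of ModSecurity: it reads the SecUploadDir, SecTmpDir and SecDataDir directives from a config file and reports any directory that is missing or not writable. The function names and output format are invented for this example, and it assumes one directive per line and paths without spaces.

```shell
#!/bin/sh
# Added example, not from the original post. Directive names come from the
# posted config; function names and output format are invented here.
# Assumes one directive per line and paths without spaces.

# Print "DIRECTIVE PATH" for each directory directive in config file $1.
# Commented-out lines are skipped because their first field is not the name.
modsec_dir_directives() {
    awk '$1 ~ /^(SecUploadDir|SecTmpDir|SecDataDir)$/ {
             p = $2; gsub(/"/, "", p); print $1, p
         }' "$1"
}

# Report each directory as OK, MISSING or NOT-WRITABLE for the current user.
# Returns 0 when every directory is usable, 1 otherwise.
check_modsec_dirs() {
    bad=0
    list=$(modsec_dir_directives "$1")
    while read -r name path; do
        [ -n "$name" ] || continue
        if [ ! -d "$path" ]; then
            echo "MISSING       $name $path"; bad=1
        elif [ ! -w "$path" ] || [ ! -x "$path" ]; then
            echo "NOT-WRITABLE  $name $path"; bad=1
        else
            echo "OK            $name $path"
        fi
    done <<EOF
$list
EOF
    return "$bad"
}

# Run it as the web server account (apache in the post) so the write test
# reflects that account's permissions: sh check.sh CONFIG_FILE
if [ $# -gt 0 ]; then
    check_modsec_dirs "$1"
fi
```

The check covers only the directories named in the ModSecurity config; the PHP upload directory from php.ini has to be checked separately.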