I've got the common example setup for my server, using modsec-clamscan.pl to check file uploads with ClamAV:
SecRule FILES_TMPNAMES "@inspectFile /usr/bin/modsec-clamscan.pl" "phase:2,t:none,log,status:403,deny"
using Apache 2 and PHP as an Apache module. Unfortunately, mod_security produces the ENV variable PATH_TRANSLATED, which irritates some software packages of my customers.
The scripts are using PATH_TRANSLATED instead of SCRIPT_FILENAME, and I am not able to patch all customer scripts (since some also have encrypted PHP code, like Oxid-Shop etc.).
Patching modsecurity-apache_2.6.7/apache2/apache2_util.c line 76 will solve the problem, but I have no clue whether this will affect mod_security in any way:
/* PHP hack, getting around its silly security checks. */
apr_table_add(r->subprocess_env, "PATH_TRANSLATED", command);
apr_table_add(r->subprocess_env, "REDIRECT_STATUS", "302");
Google gives me a hint: http://blog.modsecurity.org/2003/07/fun-with-php-cl.html
Why does mod_security set this ENV, and how can I fix it? Can I patch it out of the source? I am only using mod_security as an Apache module; no CLI PHP is used.
greetings - thomas