Hi Ivan,

> When multipart/form-data is received, apache thread terminated with
> following in error_log
>
> [Tue Oct 12 14:14:26 2004] [notice] child pid 24935 exit signal
> Segmentation fault (11)

 I can confirm this. The problem should be now fixed. Please
 retrieve the updated version (revision 1.139) from the CVS and
 try again:
 http://cvs.sourceforge.net/viewcvs.py/mod-security/mod_security/apache2/

I will try and inform you the result. Thanks

> Also, following rule in the documentation seems to be incorrect :
>
>     # Only accept request encodings we know how to handle
>     # we exclude GET requests from this because some (automated)
>     # clients supply "text/html" as Content-Type
>     SecFilterSelective REQUEST_METHOD "!^GET$" chain
>     SecFilterSelective HTTP_Content-Type
> "!^(|application/x-www-form-urlencoded|multipart/form-data)$"
>
> since multipart/form-data include ";boundary ...." in Content-Type.

  That's also correct but I fixed that one some time ago. I may have
 missed a spot, if I did please let me know where.


The reference manual for 1.8.4 (in PDF format) page 9 contains following

To make sure that only requests with these two encoding types are accepted by the
web server, add the following line to your configuration file:

SecFilterSelective HTTP_Content-Type "!^(|application/x-www-form-urlencoded|
multipart/form-data)$"

Please check.

Regards,
Michael


-----------------------------------------------------------------------------------------------------------
KMB E-mail Disclaimer

This e-mail may contain confidential, proprietary or legally privileged
information and is intended for the attention and use of the
addressee(s) only. If you are not the intended recipient of this
message, you must not copy, use or disclose any part of its
contents. Please notify the sender immediately and delete this
message from your system.

The KMB Group and each of its affiliates and the sender of this
message shall not be responsible or liable for any errors or omissions
in the contents of this message as secure or error free e-mail
transmission cannot be guaranteed. Information sent via e-mail
could arrive late or contain viruses or be intercepted, corrupted,
lost, destroyed, or incomplete. Unless otherwise stated, any
information given in this message is indicative only and is subject to
our formal written confirmation.