Hi,

I have used the rule

#disable Post scanning for upload files
SetEnvIfNoCase Content-Type "^multipart/form-data" "MODSEC_NOPOSTBUFFERING=Do not buffer file uploads"

When multipart/form-data is received, the Apache thread terminates with the following in error_log:

[Tue Oct 12 14:14:26 2004] [notice] child pid 24935 exit signal Segmentation fault (11)

I have set debug level to 4, and the log contains:

[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] sec_check_access, path=(null)
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] Normalised REQUEST_URI: "/ittest/modules/newbb/post.php"
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] Parsing arguments...
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] Adding cookie "lx006app_kmbh_com_hk_9080_ittest_newbb_10_LastVisit"="1097561646"
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] Adding cookie "lx006app_kmbh_com_hk_9080_ittest_newbb_10_LastVisitTemp"="1097561621"
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] Adding cookie "lx006app_kmbh_com_hk_9080_ittest_newbb_10_forum_lastview"="a:1:{i:1;i:1097561638;}"
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] Adding cookie "PHPSESSID"="9f1b8e18d45bc5ec6393dca955406bb4"
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] content-type = "multipart/form-data; boundary=---------------------------7d417823502a0"
[12/Oct/2004:14:14:25 +0800] [_default_/sid#809f020][rid#82b54a0][/ittest/modules/newbb/post.php] read_post_payload: POST scanning turned off dynamically (MODSEC_NOPOSTBUFFERING=Do not buffer file uploads)

-- EOF --

After changing the rule to:
SecFilterSelective HTTP_Content-Type "^multipart/form-data" "allow"

The transaction can be completed successfully.


Also, the following rule in the documentation seems to be incorrect:

    # Only accept request encodings we know how to handle
    # we exclude GET requests from this because some (automated)
    # clients supply "text/html" as Content-Type
    SecFilterSelective REQUEST_METHOD "!^GET$" chain
    SecFilterSelective HTTP_Content-Type "!^(|application/x-www-form-urlencoded|multipart/form-data)$"

since multipart/form-data includes ";boundary ...." in Content-Type.


Version : mod_security 1.8.4
Apache : 2.0.40 (bundled in RedHat 8.0)


Thanks & Regards,
Michael
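
The Content-Type mismatch reported above, as an added example that is not part of the original message or of mod_security: it evaluates the documentation's chained rule against the Content-Type value from the debug log and against constructed samples. Python's re module stands in for the module's regex engine, and FIXED_PATTERN is a hypothetical correction, not the project's rule.

```python
import re

# Pattern exactly as quoted from the documentation in the message above.
DOC_PATTERN = r"^(|application/x-www-form-urlencoded|multipart/form-data)$"

# Hypothetical correction (an assumption, not the project's rule): the same two
# media types, optionally followed by ";parameters" such as boundary or charset.
FIXED_PATTERN = (
    r"^$|^(application/x-www-form-urlencoded|multipart/form-data)"
    r"([ \t]*;.*)?$"
)

# Content-Type value taken from the debug log in the message above.
LOG_CONTENT_TYPE = "multipart/form-data; boundary=---------------------------7d417823502a0"

# Constructed sample requests (method, Content-Type); None means header absent.
SAMPLES = [
    ("POST", LOG_CONTENT_TYPE),
    ("POST", "multipart/form-data"),
    ("POST", "application/x-www-form-urlencoded; charset=UTF-8"),
    ("POST", "text/xml"),
    ("POST", "multipart/form-dataX; boundary=x"),
    ("POST", None),
    ("GET", "text/html"),
]


def rejected(method, content_type, pattern):
    """Return True when the two chained rules would both match (request rejected).

    Rule 1: REQUEST_METHOD "!^GET$"        matches when the method is not GET.
    Rule 2: HTTP_Content-Type "!<pattern>" matches when the header does NOT match.
    Assumption: a missing header is evaluated as the empty string.
    """
    rule1 = re.search(r"^GET$", method) is None
    rule2 = re.search(pattern, content_type or "") is None
    return rule1 and rule2


def compare():
    """Evaluate every sample under both patterns."""
    return [(m, ct, rejected(m, ct, DOC_PATTERN), rejected(m, ct, FIXED_PATTERN))
            for m, ct in SAMPLES]


if __name__ == "__main__":
    for method, ctype, doc, fixed in compare():
        print(f"{method:4} {ctype!r:75} doc_rejects={doc!s:5} fixed_rejects={fixed}")
```

The parameter-tolerant pattern still rejects unlisted media types and near-miss names such as "multipart/form-dataX", so the allow-list stays as strict as the documented rule intends.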

