Re: [mod-security-users] Horde mail and "MULTIPART_UNMATCHED_BOUNDARY"
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <Bri...@br...> - 2009-04-27 16:26:59
|
Andrew Grauberg wrote: > Hi All, > > I am getting “Access denied” when trying to forward a message via Horde > webmail. The modsec_debug.log shows the following message: > > [webmail.xxx.com/sid#2b359d9ff0c0][rid#2b35a30070c8][/imp/compose.php][1] [file > "/etc/httpd/conf/mod_security_rules/min.conf"] [line "59"] [msg > "Multipart parser detected a possible unmatched boundary."] Access > denied with code 403 (phase 2). Match of "eq 0" against > "MULTIPART_UNMATCHED_BOUNDARY" required. > > My question: How can I disable only this particular rule for that domain > in vhost.conf? > > I could place something like: > > <LocationMatch “/imp/compose.php”> > > SecRuleRemoveById xxx > > </LocationMatch> > > But in that case there is no rule id# for that rule in the min.conf. It > refers to the rule: > > # Did we see anything that might be a boundary? > > SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ > > "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible > unmatched boundary.'" > > Please, help. > You can remove it by msg as well... SecRuleRemoveByMsg "^Multipart parser detected a possible unmatched boundary\.$" -B -- Brian Rectanus Breach Security |