Re: [mod-security-users] ModSecurity, serverside state, user collection advice
From: <chr...@po...> - 2010-04-06 14:49:43
Hi Ivan,

> [No time to read and understand your entire email,

I am not surprised given the complexity and the length of the recipe... ;(

> That's true about exec, but @inspectFile supports binary return values.
> You can pass one variable at a time to it, but if you don't need anything just
> ignore the first parameter. Does that help?

But is not this limited to files that are being uploaded?
My client's requests come without files...

Regs,

Christian

--
Christian Folini, IT 222 Webserver Security Engineer

-----Original Message-----
From: Ivan Ristic [mailto:iva...@gm...]
Sent: Tuesday, 6 April 2010 16:14
To: Folini Christian, IT222 extern
Cc: mod...@li...
Subject: Re: [mod-security-users] ModSecurity, serverside state, user collection advice

[No time to read and understand your entire email, but I have a thought in response to a fragment that caught my eye.]

> What I do not like about the proposed solution below is the fact that
> it depends on ModRewrite to call the authorise script in order to call
> the directory.
> I would rather have ModSecurity call the authorise script, but "exec"
> does not come with a method to handle return values, AFAIK.

That's true about exec, but @inspectFile supports binary return values. You can pass one variable at a time to it, but if you don't need anything just ignore the first parameter. Does that help?

--
Ivan Ristic
ModSecurity Handbook [http://www.modsecurityhandbook.com]
SSL Labs [https://www.ssllabs.com/ssldb/]