Re: [mod-security-users] Hang on POST when SecRequestBodyAccess turned on
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Hang on POST when SecRequestBodyAccess turned on
|
From: James W. <jwi...@bj...> - 2012-06-12 20:00:27
|
Just to clarify, in case this helps anyone else: In php.ini, the upload_max_filesize parameter was set to 20M. In my mod_security conf file, I had to set SecRequestBodyLimit to 20971520 (20MB) to eliminate the hang and get the POST data working. Thanks, James From: James Wiegand Sent: Monday, June 11, 2012 1:53 PM To: 'Ryan Barnett' Cc: mod...@li... Subject: RE: [mod-security-users] Hang on POST when SecRequestBodyAccess turned on Thanks, that fixed it. Had I actually read the manual, I would have seen that the recommended config is actually in there at the bottom. -James From: Ryan Barnett [mailto:RBa...@tr...]<mailto:[mailto:RBa...@tr...]> Sent: Saturday, June 09, 2012 8:07 AM To: James Wiegand Cc: mod...@li...<mailto:mod...@li...> Subject: Re: [mod-security-users] Hang on POST when SecRequestBodyAccess turned on I would suggest you start with the recommended base config - http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended Ryan On Jun 9, 2012, at 8:57 AM, "James Wiegand" <jwi...@bj...<mailto:jwi...@bj...>> wrote: Hi, I am getting a timeout/empty response body when setting SecRequestBodyAccess On. I have come up with a minimal config file that cause the problem. I see this happening in AJAX requests such as the OpenCart “add to cart…#157; button, which does nothing when the setting is turned on. Am I missing a necessary setting here? Details follow. Apache 2.2.22/PHP 5.3.13/mod_security 2.6.5 Mod_security.conf: SecRuleEngine On SecRequestBodyAccess On SecTmpDir /var/web/security SecUploadDir /var/web/security LoadModule security2_module /usr/modules/mod_security2.so SecDataDir /var/web/security ** NO RULES ** Thanks, James Wiegand ------------------ Brooks-Jeffrey Marketing, Inc. Brooks-Jeffrey Computer Store 19 Medical Plaza Mountain Home, Arkansas 72653 870.425.8064 Phone 800.506.8064 Toll Free 870.424.4996 Fax www.BrooksJeffrey.com<http://www.brooksjeffrey.com/> ------------------------ Advertising & Marketing art design - writing - photography promotional products - exhibit booths printing - direct mail - computer services - web ----------------------------------------------- This e-mail message is intended by Brooks-Jeffrey Marketing, Inc. for use only by the individual or entity to which it is addressed. This message may contain information that is privileged or confidential. It is not intended for transmission to, or receipt by, anyone other than the named addressee (or a person authorized to receive and deliver it to the named addressee). If you have received this transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply e-mail or by calling (870) 425-8064. Thank you. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. This e-mail message is intended by Brooks-Jeffrey Marketing, Inc. for use only by the individual or entity to which it is addressed. This message may contain information that is privileged or confidential. It is not intended for transmission to, or receipt by, anyone other than the named addressee (or a person authorized to receive and deliver it to the named addressee). If you have received this transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply e-mail or by calling (870) 425-8064. Thank you. |
