[Mod-security-developers] File type inspection
From: Marc S. <mar...@ap...> - 2014-05-26 14:05:28
Hello,
I'd like to implement a filter to determine the type of uploaded files (think
about the "file" command under Unix).
Obviously, I could use the "@InspectFile" operator with a script but it
has 2 drawbacks:
- launching a new process every time is slow
- you cannot parametrise the type of files you allow except by
hard-coding them in the script(s) - maybe by using environment
variables, but what side-effects can we have when launching several
scripts with different allowed types?
So, I think a filter returning the file type is the best approach - you
can decide then if you accept it or not.
Is there any better way I didn't think about?
Question: How to access the file content?
The easiest way is probably to open the file on the disk (like in
@InspectFile) but
1. Can't we access the data in memory directly? This should be more
performant. How to access only the file content from a multipart
parameter - do we have to parse it manually?
2. Although we can block the request, the file will already have been
written on the disk. Do we have to remove it with a @InspectFile script?
Is there any way to block before the file was written to disk (as we
only have to read a few bytes of it)?
I'm waiting for your ideas and I'll open a GitHub Issue once I have a
better view.
Marc Stern
Approach Belgium - www.approach.be
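
As an added illustration of the approach proposed in the message above (not code from ModSecurity or from the poster): a C routine that identifies a file type from the leading bytes of an in-memory buffer and checks it against an allow-list supplied by the caller. The function names, the signature table and the comma-separated allow-list format are assumptions made for this example; the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table of well-known magic numbers: type, offset, signature, length. */
struct magic { const char *type; size_t off; const char *sig; size_t len; };
static const struct magic MAGIC[] = {
    { "pdf",  0,   "%PDF-",             5 },
    { "png",  0,   "\x89PNG\r\n\x1a\n", 8 },
    { "jpeg", 0,   "\xff\xd8\xff",      3 },
    { "gif",  0,   "GIF8",              4 },
    { "zip",  0,   "PK\x03\x04",        4 },
    { "pe",   0,   "MZ",                2 },
    { "tar",  257, "ustar",             5 },
};

/* Return the type name for the first bytes of an upload, or "unknown". */
const char *sniff_type(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < sizeof MAGIC / sizeof MAGIC[0]; i++) {
        const struct magic *m = &MAGIC[i];
        if (len >= m->off + m->len && memcmp(buf + m->off, m->sig, m->len) == 0)
            return m->type;
    }
    return "unknown";
}

/* Exact-token match of `type` against a comma-separated allow-list given by the rule. */
int type_allowed(const char *type, const char *allowed)
{
    size_t tlen = strlen(type);
    for (const char *p = allowed; ; ) {
        const char *end = strchr(p, ',');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (n == tlen && memcmp(p, type, n) == 0)
            return 1;
        if (!end)
            return 0;
        p = end + 1;
    }
}

int main(void)
{
    /* Constructed sample: executable header bytes, as if uploaded under an image name. */
    const unsigned char upload[] = "MZ\x90";
    const char *t = sniff_type(upload, sizeof upload - 1);
    printf("%s -> %s\n", t, type_allowed(t, "png,jpeg,gif") ? "accept" : "reject");
    return 0;
}
```

With this table the longest lookup needs the first 262 bytes of the file, so the check can run on a header buffer without reading the whole upload.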