Re: [mod-security-users] mod_security-2.7.7 - inspectFile being ignored.
Brought to you by:
victorhora,
zimmerletw
From: Ehsan M. <ehs...@gm...> - 2016-12-03 19:04:23
|
Hi... SecRuleEngine Off ??????????????????? I think you need to turn it On!!!! On Sat, Dec 3, 2016 at 6:12 PM, hanj <ma...@as...> wrote: > Hello All > > I just recently upgraded from 2.6.1 to 2.7.7. I'm having trouble with > inspectFile. It almost appears to be ignored in the vhost conf. I'm seeing > some logging in the audit_log, but nothing related to the inspectFile. I > also changed the name of the path of the file itself to see if I get an > error.. no error. Again, it appears that it's not being included. If put a > syntax error in config, I do get an apache startup error, so mod_sec is > definitely being loaded. > > This is my portion of the vhost... > > <IfModule mod_security2.c> > SecRuleInheritance Off > SecRuleEngine Off > SecRequestBodyAccess Off > SecDefaultAction "phase:2,log,deny,status:403" > SecAuditEngine RelevantOnly > SetEnvIfNoCase Content-Type \ > "^multipart/form-data;" "MODSEC_NOPOSTBUFFERING=Do > not buffer file uploads" > SecRule FILES_TMPNAMES "@inspectFile /safe_bin/file.sh" \ > "t:none,id:'900012'" > </IfModule> > > > This worked perfectly in 2.6.1 > > Thanks! > hanji > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |