|
From: Ervin H. <ai...@gm...> - 2018-06-20 19:46:46
|
Hi Brad, On Wed, Jun 20, 2018 at 12:01:57PM -0400, Brad Zynda wrote: > Hey Everyone, > > Currently we are using mod_security.x86_64 2.9.2-1.el7 @centos7-x86_64 > > Happy to see it is parallel with 2 and written in C! (may need a box of > kleenex) > > > So we are seeing the multipart -- error specific to > https://github.com/SpiderLabs/ModSecurity/issues/652 > > It really does not get into details as to which parses should be used or > specific ones that cause this error. perhaps you have this one: SecRule MULTIPART_UNMATCHED_BOUNDARY .... but it's fixed (only in 3.0.3): https://github.com/SpiderLabs/ModSecurity/pull/1747 Note, that you can read about this at here: https://github.com/SpiderLabs/ModSecurity/pull/1801/commits/e0b3580370f01deeaa45d8f9a7893a77ad097937 so, of you want to avoid the error above (request denied with file which contains "--" at the begin of line) you have to use this rule: SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" instead of the uncommented (original) line. regards, a. |
