|
From: Brad Z. <bra...@na...> - 2018-06-21 12:04:42
|
Hi Ervin, I will see about getting the latest 3.0.3 + stable outside of the channels to see if it fixes our issue. Thanks, Brad On 06/20/2018 03:46 PM, Ervin Hegedüs wrote: > Hi Brad, > > On Wed, Jun 20, 2018 at 12:01:57PM -0400, Brad Zynda wrote: >> Hey Everyone, >> >> Currently we are using mod_security.x86_64 2.9.2-1.el7 @centos7-x86_64 >> >> Happy to see it is parallel with 2 and written in C! (may need a box of >> kleenex) >> >> >> So we are seeing the multipart -- error specific to >> https://github.com/SpiderLabs/ModSecurity/issues/652 >> >> It really does not get into details as to which parses should be used or >> specific ones that cause this error. > > perhaps you have this one: > > SecRule MULTIPART_UNMATCHED_BOUNDARY .... > > but it's fixed (only in 3.0.3): > > https://github.com/SpiderLabs/ModSecurity/pull/1747 > > Note, that you can read about this at here: > > https://github.com/SpiderLabs/ModSecurity/pull/1801/commits/e0b3580370f01deeaa45d8f9a7893a77ad097937 > > so, of you want to avoid the error above (request denied with > file which contains "--" at the begin of line) you have to use > this rule: > > SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" > > instead of the uncommented (original) line. > > > > > regards, > > > a. > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
