Re: [Mod-security-rules] Having problem with prevent uploading ELF within http
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-rules] Having problem with prevent uploading ELF within http
|
From: Ahmed L. <hum...@ho...> - 2019-05-14 12:06:24
|
Any solutions for my problem ?? why it works from shell but doesnt work from http upload ? any help will be appreciated ________________________________ From: Ahmed Linux Sent: Monday, May 13, 2019 11:28 PM To: mod...@li... Subject: Having problem with prevent uploading ELF within http Hello I using Modsecurity on WHM/Cpanel server I am trying to prevent uploading executable ELF files i used the following bash code within modsecurity upload scritp : elup=`file $upfile | egrep -w "LSB executable" | wc -l` if [ elup -gt 0 ] then echo "Executable file was found" exit fi If i tried to upload ELF it didnt detected while if i run bash script against ELF uploaded it output "Executable file was found" Why it doesnt work within http upload ?? Here are my modsecurity configurations : SecTmpSaveUploadedFiles On SecUploadKeepFiles RelevantOnly SecRequestBodyAccess On SecDebugLog /var/log/modsecurity-debug.log SecDebugLogLevel 6 SecUploadDir /home/modsec_tmp SecTmpDir /home/modsec_tmp SecDataDir /home/modsec_tmp SecRule FILES_TMPNAMES "@inspectFile \ /path/to/modsecurity/filescan.sh" "phase:2,deny,redirect:http://domain.com/suspicious_activity.html,id:1" What is wrong in my configuration ?? why it doesnt reject uploaded ELF from http ? instead it works from server ssh ?? Any help will be appretiated |
