Any solutions for my problem ??
why it works from shell but doesnt work from http upload ?
any help will be appreciated
________________________________
From: Ahmed Linux
Sent: Monday, May 13, 2019 11:28 PM
To: mod...@li...
Subject: Having problem with prevent uploading ELF within http
Hello
I using Modsecurity on WHM/Cpanel server
I am trying to prevent uploading executable ELF files
i used the following bash code within modsecurity upload scritp :
elup=`file $upfile | egrep -w "LSB executable" | wc -l`
if [ elup -gt 0 ]
then
echo "Executable file was found"
exit
fi
If i tried to upload ELF it didnt detected
while if i run bash script against ELF uploaded it output "Executable file was found"
Why it doesnt work within http upload ??
Here are my modsecurity configurations :
SecTmpSaveUploadedFiles On
SecUploadKeepFiles RelevantOnly
SecRequestBodyAccess On
SecDebugLog /var/log/modsecurity-debug.log
SecDebugLogLevel 6
SecUploadDir /home/modsec_tmp
SecTmpDir /home/modsec_tmp
SecDataDir /home/modsec_tmp
SecRule FILES_TMPNAMES "@inspectFile \
/path/to/modsecurity/filescan.sh" "phase:2,deny,redirect:http://domain.com/suspicious_activity.html,id:1"
What is wrong in my configuration ?? why it doesnt reject uploaded ELF from http ? instead it works from server ssh ??
Any help will be appretiated
|