Re: [Mod-security-rules] Having problem with prevent uploading ELF within http
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-rules] Having problem with prevent uploading ELF within http
|
From: Ahmed L. <hum...@ho...> - 2019-05-15 15:08:17
|
After investigation i found the problem within Litespeed Thanks for all ________________________________ From: Ahmed Linux <hum...@ho...> Sent: Tuesday, May 14, 2019 2:06 PM To: mod...@li... Subject: Re: Having problem with prevent uploading ELF within http Any solutions for my problem ?? why it works from shell but doesnt work from http upload ? any help will be appreciated ________________________________ From: Ahmed Linux Sent: Monday, May 13, 2019 11:28 PM To: mod...@li... Subject: Having problem with prevent uploading ELF within http Hello I using Modsecurity on WHM/Cpanel server I am trying to prevent uploading executable ELF files i used the following bash code within modsecurity upload scritp : elup=`file $upfile | egrep -w "LSB executable" | wc -l` if [ elup -gt 0 ] then echo "Executable file was found" exit fi If i tried to upload ELF it didnt detected while if i run bash script against ELF uploaded it output "Executable file was found" Why it doesnt work within http upload ?? Here are my modsecurity configurations : SecTmpSaveUploadedFiles On SecUploadKeepFiles RelevantOnly SecRequestBodyAccess On SecDebugLog /var/log/modsecurity-debug.log SecDebugLogLevel 6 SecUploadDir /home/modsec_tmp SecTmpDir /home/modsec_tmp SecDataDir /home/modsec_tmp SecRule FILES_TMPNAMES "@inspectFile \ /path/to/modsecurity/filescan.sh" "phase:2,deny,redirect:http://domain.com/suspicious_activity.html,id:1" What is wrong in my configuration ?? why it doesnt reject uploaded ELF from http ? instead it works from server ssh ?? Any help will be appretiated |
