|
From: Reindl H. <h.r...@th...> - 2021-10-31 12:40:17
|
Am 31.10.21 um 13:34 schrieb Filip Bartmann: > I'm discovering mod_security with core rule set as very usefull, but I'm going in to trouble with editing HTML via admin part of my CMS including file uploads other parts works well. > > Is there any recomendations for minimal rule exlusions for allowing this, but with as many as possible rules enabled. In editing html in forms I get many detections in this as XSS attacks or so on. you started that topic already afew weeks ago there is nothing like post HTML and enable as much as possible rules at the same time - you will have a fulltimejob adding more and more rules to exceptions and a minimal WYSIWG change can hit another rule tomorrow forget it, been there, done that many years ago - it's not worth <IfModule mod_security2.c> <LocationMatch "(.*)\/editor\/plugins\/preview\.php$"> SecRequestBodyAccess Off </LocationMatch> </IfModule> |
