Hey Harald,
On Sun, Oct 31, 2021 at 03:35:35PM +0100, Reindl Harald wrote:
> it's not completely disabled
> SecRequestBodyAccess versus SecRuleEngine!
>
> phase:1 and all the header stuff is still active
>
> SecRequestBodyAccess:
> Configures whether request bodies will be buffered and processed by
> ModSecurity by default.
That's decent enough. Watch out for the next CRS release where more rules
will happen in phase 1.
Cheers,
Christian
>
> > ______________________________________________________________
> > > From: "Reindl Harald" <h.r...@th...>
> > > To: mod...@li...
> > > Date: 31.10.2021 13:41
> > > Subject: Re: [mod-security-users] Recommended rule exclusions for
> > WYSIWYG editor editing
> > >
> >
> > On 31.10.21 at 13:34, Filip Bartmann wrote:
> > > I'm discovering mod_security with core rule set as very useful, but
> > I'm going in to trouble with editing HTML via admin part of my CMS
> > including file uploads; other parts work well.
> > >
> > > Are there any recommendations for minimal rule exclusions for allowing
> > this, but with as many as possible rules enabled? In editing HTML in
> > forms I get many detections in this as XSS attacks or so on.
> >
> > you started that topic already a few weeks ago
> >
> > there is nothing like post HTML and enable as much as possible rules at
> > the same time - you will have a full-time job adding more and more rules
> > to exceptions and a minimal WYSIWYG change can hit another rule tomorrow
> >
> > forget it, been there, done that many years ago - it's not worth
> >
> > <IfModule mod_security2.c>
> > <LocationMatch "(.*)\/editor\/plugins\/preview\.php$">
> > SecRequestBodyAccess Off
> > </LocationMatch>
> > </IfModule>
>
>
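The distinction drawn in this thread (body inspection off versus the whole engine off), as an added configuration example that is not from any of the posters. The rule ids 10001 and 10002, the parameter name `content`, and the method check are assumptions for illustration; the path is taken from the snippet quoted above.

```apache
<IfModule mod_security2.c>
    # Option A (the approach quoted in the thread): stop buffering and
    # inspecting the request body for this one endpoint only.
    # SecRuleEngine is untouched, so phase:1 rules (request line,
    # headers, query string) still run for this path.
    <LocationMatch "/editor/plugins/preview\.php$">
        SecRequestBodyAccess Off

        # Illustration that phase:1 is still active here: this rule
        # (hypothetical id) rejects anything that is not a POST,
        # even though the body itself is no longer inspected.
        SecRule REQUEST_METHOD "!@streq POST" \
            "id:10001,phase:1,deny,status:405,log,\
            msg:'Editor preview accepts POST only'"
    </LocationMatch>

    # Option B (alternative to A, use one or the other for a path):
    # keep body inspection on, but remove one form field from the
    # targets of rules tagged attack-xss. "content" is an assumed
    # name for the field that carries the editor's HTML.
    # This must be loaded before the CRS rule files so the ctl
    # action takes effect before those rules are evaluated.
    SecRule REQUEST_FILENAME "@endsWith /editor/plugins/preview.php" \
        "id:10002,phase:1,pass,nolog,t:none,\
        ctl:ruleRemoveTargetByTag=attack-xss;ARGS:content"

    # What neither option does: SecRuleEngine Off would disable all
    # phases for the scope it is set in, including the header checks.
</IfModule>
```

With option B, other rule groups still inspect the HTML field, so further exclusions may be needed as the editor's output changes, which is the maintenance cost described in the thread.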