Re: [mod-security-users] byterange, modules

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

> 1. Is it (will it be) possible to have a couple of
> SecFilterForceByteRange statements? For p.e. german
> sites you have to allow almost the complete range
> (the lower one for web forms - tab, crlf, etc and
> the higher one for the special characs)? At the
> moment, I have to use a lot of SecFilterSelective
> statements instead.

  It will be. I have that planned for (goes away and
  looks at the plan) 1.9 dev, which should be available
  in about a month.

> 2. Do I need certain apache modules for some
> functions to work? Even with

  No.

> SecFilterOutputMimeTypes "(null) text/html text/plain"
> all my OUTPUT filters do not work any more. When
> uncommenting this one, they work fine.

  Send me your httpd.conf, a fragment of your mod_security
  debug log (set level to 9 first) and of the audit log (only for
  one request where you expect output scanning to work and it
  doesn't).

> I also have a
> problem with the SecServerSignature statement, both
> the proxy and the real servers have ServerTokens full
> but the server distribution is not masked.

  The debug log should help here too.

> I am currently using apache 2.0.48 compiled on my
> OpenBSD 3.4 x86 machine, running in systrace jail.

  And which version of mod_security? :)

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]