|
From: <lde...@ne...> - 2004-03-22 15:00:24
|
Hi, I am using mod_security 1.7.6 with Apache 2.0.49 on Solaris 8 with OpenSSL 0.9.7d When a pdf file is uploaded it makes the Apache child process crashes. Here's what I get: [Mon Mar 22 13:59:52 2004] [notice] child pid 827 exit signal Segmentatio= n fault (11) When I disable the security rules the file upload works fine. I think that filtering makes the process crash maybe because the file is too big ( 1,5 MBytes). The security rules are very simple ( here's a f= ew): SecFilterScanPOST On SecFilterCheckURLEncoding On SecFilter "delete[[:space:]]+from" SecFilter "insert[[:space:]]+into" SecFilter "select.+from" I didn't enable the SecFilterForceByteRange rule. The file is uploaded via a HTTP POST request Since, it's a production system I can't do very more tests. How could I disable scanning of an uploaded file by mod_security engine ? Would that rule : SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data allow at the beginning of the rules list be sufficient ? Thanks, Luc |
