> I am using mod_security 1.7.6 with Apache 2.0.49 on Solaris 8 with
> OpenSSL 0.9.7d
> When a PDF file is uploaded it makes the Apache child process
> crash. Here's what I get:
> [Mon Mar 22 13:59:52 2004] [notice] child pid 827 exit signal Segmentation
> fault (11)
>
>
> When I disable the security rules the file upload works fine.

It does not crash when you disable the rules but leave
"SecFilterScanPOST On"?

I am uploading a 3.6 MB file on Apache 2.0.49 + mod_security 1.7.6
on Linux (sorry, I don't have access to a Solaris box) without any
problems, with a match or without it.

I will try to add mod_ssl to the mix but that shouldn't make any
difference.

Did you compile Apache yourself? Is the Apache using the built-in
regular expression library? Or the Solaris implementation?

> I think that filtering makes the process crash maybe because the file
> is too big (1,5 MBytes). The security rules are very simple (here's a few):
> SecFilterScanPOST On
> SecFilterCheckURLEncoding On
> SecFilter "delete[[:space:]]+from"
> SecFilter "insert[[:space:]]+into"
> SecFilter "select.+from"

Can you post the PDF file somewhere (for me)? Maybe there's something
in it that crashes the regular expression library.

> Since it's a production system, I can't do many more tests.
> How could I disable scanning of an uploaded file by the mod_security engine?
>
> Would that rule:
> SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data allow
> at the beginning of the rules list be sufficient?

That should work, provided it does not crash with
"SecFilterScanPOST On" but only when a regular expression is
processed. Else, use "SecFilterScanPOST On".

Other things you could do:

Set the debug level to 9, "SecFilterDebugLevel 9", make it
crash and send me the debug file.

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]