Re: [mod-security-users] can't seem to get notification working...

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sat, 3 Apr 2004, Jeremy Hansen wrote:

> On Sat, 3 Apr 2004, Ivan Ristic wrote:
> 
> > 
> > > So I tried 1.7.6 and still, no message so I'm obviously doing something 
> > > wrong in my config.  Any clues?
> > 
> >   Your script works for me without modification. One thing to try
> >   would be to use absolute paths for all binares (hostname and mail).
> > 
> >   Are you using suexec on your web server? Look in the suexec log
> >   if you are, there may be clues there.
> 
> So yes...this actually leads to something:
> 
> [2004-04-03 10:23:15]: error: invalid command 
> (/usr/webservers/httpd/conf/report-attack.sh)
> 
> but I'm not sure exactly what it means by invalid command.

So looking at the code:

    if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3))
        || (strstr(cmd, "/../") != NULL)) {
        log_err("error: invalid command (%s)\n", cmd);
        exit(104);
    }

so, because the line starts with a /, suexec says it's an invalid command.  
What's the work around for this?

Thanks
-jeremy

> Thanks
> -jeremy
> 
> 