Re: [mod-security-users] Dynamic Disable Post Scanning
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Dynamic Disable Post Scanning
|
From: Ivan R. <iv...@we...> - 2004-10-12 09:43:11
|
mic...@km... wrote: > Hi, > > I have used the rule > > #disable Post scanning for upload files > SetEnvIfNoCase Content-Type "^multipart/form-data" > "MODSEC_NOPOSTBUFFERING=Do not buffer file uploads" > > When multipart/form-data is received, apache thread terminated with > following in error_log > > [Tue Oct 12 14:14:26 2004] [notice] child pid 24935 exit signal > Segmentation fault (11) I can confirm this. The problem should be now fixed. Please retrieve the updated version (revision 1.139) from the CVS and try again: http://cvs.sourceforge.net/viewcvs.py/mod-security/mod_security/apache2/ > Also, following rule in the documentation seems to be incorrect : > > # Only accept request encodings we know how to handle > # we exclude GET requests from this because some (automated) > # clients supply "text/html" as Content-Type > SecFilterSelective REQUEST_METHOD "!^GET$" chain > SecFilterSelective HTTP_Content-Type > "!^(|application/x-www-form-urlencoded|multipart/form-data)$" > > since multipart/form-data include ";boundary ...." in Content-Type. That's also correct but I fixed that one some time ago. I may have missed a spot, if I did please let me know where. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
