Re: [mod-security-users] Problem with url parsing
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Problem with url parsing
|
From: Ivan R. <iv...@we...> - 2005-03-22 11:03:27
|
Kin wrote: > First of all: sorry for my english. > > Ten days ago, after a "replacement", my provider has installed (or updated? > i don't know) mod_security. But there are some problem now. > > In my discussion forum, people get lots of error 403 (forbidden). > I think the problem are this filters: > > ... > > I copy and past this after a quick serch on google, I not take them from my > server config. > > The problem is that when user of the bullettin board try to send message with a > "cc ", "ps ", "perl " in it, they got a 403 error. > > For example if i try to send the message: > "Disable caps lock key" > > It return an error for the "ps " > > "perl is a great lenguage" (403 forbidden) > > "1, 2, 3, ecc ecc" (403 forbidden) > (ecc is "etc" in italian and is used very often) > > "ps (post scriptum): bla bla bla" (403 forbidden) > > It's a big problem for me, what I can do with this???? > please let me know something Complain to your hosting provider. Some people seem to think they can just copy anything they find on the Internet, put it into httpd.conf, and magically solve all their security problems. (I don't know if this is the case with your provider but it sure sounds like it is.) ModSecurity can solve problems only when people know what they are doing. To create a secure hosting environment one must design systems for security. It's not the easiest job in the world, but it isn't rocket science either. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
