Re: [mod-security-users] Problem trying to catch malformed requests
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Problem trying to catch malformed requests
|
From: Tom A. <tan...@oa...> - 2005-08-12 21:22:50
|
I had the same problem... no solution other than putting a proxy in front of your server. Tom ----- Original Message ----- From: "Leandro Meiners" <lme...@cy...> To: <mod...@li...> Sent: Friday, August 12, 2005 5:02 PM Subject: [mod-security-users] Problem trying to catch malformed requests > According to Apache documentation: > "Although most error messages can be overriden, there are certain > circumstances where the internal messages are used regardless of the > setting > of ErrorDocument. In particular, if a malformed request is detected, > normal > request processing will be immediately halted and the internal error > message > returned. This is necessary to guard against security problems caused by > bad > requests." > > I've tried to catch malformed requests using mod_security but it seems > that > they don't even reach mod_security. > > Does anyone know how to overcome this limitation? > > Regards, > > ------------------------------------------------ > Leandro Federico Meiners > CYBSEC S.A. Security Systems > E-mail: lme...@cy... > Tel/Fax: [54-11] 4382-1600 > Web: http://www.cybsec.com > > > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software Conference & EXPO > September 19-22, 2005 * San Francisco, CA * Development Lifecycle > Practices > Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA > Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > |