[mod-security-users] 1.9b4 SecFilterRemove question
From: Rude Y. <ru...@ya...> - 2005-10-02 18:19:34
Hi, folks.

I've been playing with the latest-and-greatest and trying to apply it to a situation I'm dealing with on one of my servers. Specifically, I have a multi-purpose webserver, part of which hosts a weblog. Whereas, for the majority of the web server, I can afford to have relatively tight input filtering, it would be nice to be less restrictive for the weblog. To wit, I'm trying the following in my httpd.conf:

    <IfModule mod_security.c>
    # Defaults
    SecFilterEngine DynamicOnly
    SecFilterScanPOST On
    SecFilterInheritance On
    SecFilterCheckCookieFormat On
    SecFilterNormalizeCookies On
    SecFilterCheckURLEncoding On
    SecFilterCheckUnicodeEncoding On
    SecFilterForceByteRange 32 122
    SecFilterSelective "ARGS" "!^[A-Za-z0-9.&/?@_%=:;, *+-]*$" id:1001
    SecFilterSelective COOKIES_VALUES "!^[A-Za-z0-9&./?@_%=:;, !-]*$" id:1002
    </IfModule>

Ideally, what I'd like to add is this:

    <Location ~ "^/blog/">
    SecFilterRemove 1001
    </Location>

Now, ignoring for the moment the wisdom of turning off input validation altogether (I'll have another post on that later ;-), I'm wondering if this construct should work the way I expect. Reason is, with this configuration, I am stymied by the exact SecFilterSelective statement I'm trying to un-inherit:

    [01/Oct/2005:22:23:35 --0500] [mysite/sid#2193f8][rid#40cb88][/blog/oncall/][1] Access denied with code 406. Pattern match "!^[A-Za-z0-9.&/?@_%=:;, *+-]*$" at POST_PAYLOAD [id "1001"]

I have read the note in the 1.9b4 docs about Apache contexts and how they're merged, etc., but I'm thinking I have a simple enough configuration that what I have above should work. Obviously I'm wrong :-) Can anyone on the list help set me straight?

Much thanks in advance,
Erick.
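An added illustration, not part of the original post and not mod_security code: a Python sketch that applies the character allowlist of rule 1001 and the `SecFilterForceByteRange 32 122` limits from the configuration above to a POST body, to show which characters in ordinary weblog text fall outside them. It assumes the checks see the URL-decoded body; the sample body and the function names are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Character classes copied from rules 1001 and 1002 in the post. The leading "!"
# in the directive inverts the match: the rule fires when the pattern does NOT match.
CLASSES = {
    1001: r"[A-Za-z0-9.&/?@_%=:;, *+-]",
    1002: r"[A-Za-z0-9&./?@_%=:;, !-]",
}

# Constructed sample: a short blog comment with an apostrophe, quotes,
# parentheses and a CRLF line break, URL-encoded as a form POST body.
SAMPLE_BLOG_POST = (
    "title=On-call+notes&body=It%27s+a+%22test%22+%28really%29%0D%0Anext+line"
)


def rule_fires(rule_id, text):
    """True when text contains anything outside the rule's allowlist."""
    # fullmatch is used so a trailing newline cannot slip past "$".
    return re.fullmatch(CLASSES[rule_id] + "*", text) is None


def offending_chars(rule_id, text):
    """Distinct characters in text that the rule's allowlist does not cover."""
    one_char = re.compile(CLASSES[rule_id])
    return sorted({ch for ch in text if not one_char.fullmatch(ch)})


def out_of_byte_range(text, lo=32, hi=122):
    """Distinct byte values outside lo..hi (32..122 in the posted config)."""
    return sorted({b for b in text.encode("utf-8") if not lo <= b <= hi})


def check_post_body(raw_body):
    """Evaluate a URL-encoded body (assumption: checks run on the decoded form)."""
    decoded = unquote_plus(raw_body)
    return {
        "rule_1001_fires": rule_fires(1001, decoded),
        "outside_1001": offending_chars(1001, decoded),
        "bytes_outside_range": out_of_byte_range(decoded),
    }


if __name__ == "__main__":
    for name, value in check_post_body(SAMPLE_BLOG_POST).items():
        print(f"{name}: {value!r}")
```

The byte-range result is reported separately because that directive carries no rule id, so it is a distinct check from the filter that `SecFilterRemove 1001` names.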