[mod-security-users] mod_security + webmail + body message
From: Tomas H. S. <thi...@te...> - 2005-10-28 10:06:02
Hi,

I am tuning mod_security 1.8.7 on Red Hat 3.0 Upgrade 5 (2.4.21-32.ELsmp) + apache 2.0.54 + webmail (uebimiau).

From my own webmail, if, when sending a message, a string entered in the configuration file appears in the body of the message, the message is rejected. For example:

In file mod_security.conf:

SecFilterDefaultAction "deny,log,status:403"
. . . . .
. . . . .
Secfilter /bin/chmod

In the body of the mail message: "this is a example for the string /bin/chmod"

This generates the following log.

========================================
UNIQUE_ID: jFn6LMCoyZgAABlCGDoAAAAr
Request: 192.168.207.1 - - [28/Oct/2005:10:48:06 +0200] "POST /webmail/newmsg.php HTTP/1.0" 403 220
Handler: php-script
----------------------------------------
POST /webmail/newmsg.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://correo.pruebas.es/webmail/newmsg.php?pag=1&folder=inbox&sid={4361E2260EA50-4361E2261386F-1130488358}&tid=0&lid=0
Accept-Language: es
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
Host: correo.cajamar.es
Content-Length: 363
Cache-Control: no-cache
Cookie: {4361E2260EA50-4361E2261386F-1130488358}=%7B4361E2260EA50-4361E2261386F-1130488358%7D
mod_security-message: Access denied with code 403. Pattern match "/bin/chmod" at POST_PAYLOAD
mod_security-action: 403

363
tipo=send&is_html=true&sid=%7B4361E2260EA50-4361E2261386F-1130488358%7D&lid=0&tid=0&folder=inbox&sig=Tomas+Hidalgo%3Cbr+%2F%3E%0D%0A%28c%29+2005&textmode=&to=...@te...&cc=&bcc=&subject=prueba3&body=%3CBR%3Een+el+cuerpo+del+mensaje+aparece+la+palabra+%2Fbin%2Fchmod%3CBR%3E--%3CBR%3ETomas+Hidalgo%3CBR%3E%28c%29+2005%3CBR%3E%3CBR%3E&priority=3

HTTP/1.0 403 Forbidden
Content-Length: 220
Connection: close
Content-Type: text/html; charset=iso-8859-1

Questions:

1) Is it possible to keep mod_security from verifying the body of the message?
2) Is it coherent to use mod_security with a webmail? I have not found any positive or negative reference.

Many thanks for your help.

Tomás Hidalgo Salvador
thi...@te...
Dpto. Sistemas Unix
DSF Almariya
Almeria - Andalucia - Spain
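Added example, not part of the original message and not mod_security's own code: a simplified Python model of the match reported in the log, showing that the keyword only appears after URL-decoding the POST payload and which form parameter carries it. The sample body is constructed from the one in the log (recipient replaced by a placeholder), and the function names and the `skip` parameter are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed sample modelled on the POST body in the log above;
# the recipient is a placeholder because the page elides it.
SAMPLE_BODY = (
    "tipo=send&is_html=true&folder=inbox&to=user%40example.invalid"
    "&subject=prueba3"
    "&body=%3CBR%3Een+el+cuerpo+del+mensaje+aparece+la+palabra"
    "+%2Fbin%2Fchmod%3CBR%3E&priority=3"
)

PATTERNS = [r"/bin/chmod"]  # the keyword filter quoted in the message


def payload_hits(raw_body, patterns):
    """Model a whole-payload keyword filter: URL-decode, then match anywhere."""
    decoded = unquote_plus(raw_body, encoding="iso-8859-1")
    return [p for p in patterns if re.search(p, decoded)]


def hits_by_parameter(raw_body, patterns, skip=()):
    """Return {parameter: [patterns]} for matches, ignoring names in `skip`.

    `skip` (hypothetical) lists free-text fields, such as the mail body,
    that are left out of keyword matching; all other fields are checked.
    """
    hits = {}
    pairs = parse_qsl(raw_body, keep_blank_values=True, encoding="iso-8859-1")
    for name, value in pairs:
        if name in skip:
            continue
        matched = [p for p in patterns if re.search(p, value)]
        if matched:
            hits.setdefault(name, []).extend(matched)
    return hits


if __name__ == "__main__":
    print("raw payload contains keyword:", "/bin/chmod" in SAMPLE_BODY)
    print("whole-payload match:", payload_hits(SAMPLE_BODY, PATTERNS))
    print("per-parameter match:", hits_by_parameter(SAMPLE_BODY, PATTERNS))
    print("with body skipped:",
          hits_by_parameter(SAMPLE_BODY, PATTERNS, skip={"body"}))
```

Skipping `body` in this model leaves every other parameter under the same keyword check, so a match in a field such as `folder` is still reported.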