RE: [mod-security-users] Directive SecUploadApproveScript

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ivan Ristic wrote:

>  SecUploadApproveScript does not support a custom action list yet.
>  (I've added your request to my TODO list too).
>
>  Try something like this (just an idea, I haven't tried it myself):
>
>  <Location /path/to/your/upload/script>
>      SecFilterDefaultAction ...
>      SecUploadApproveScript ...
>  </Location>

I have test the following option in my apache. It has not worked.  :-(
Also I have proven the same configuration without the option of =
SecFilterInheritance.
The mod_security-action would have to be 444, instead of 403.

a)
<Directory "/myscripts">
    SecFilterInheritance Off
    SecFilterDefaultAction "pass,log,status:444"
    SecUploadApproveScript /myscripts/verificar_upload_webmail.pl
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

b)
<Location "/myscripts">
    SecFilterInheritance Off
    SecFilterDefaultAction "pass,log,status:444"
    SecUploadApproveScript /myscritps/verificar_upload_webmail.pl
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Location>

The log:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
UNIQUE_ID: kf7FOMCoyZgAAEUGB28AAAAJ
Request: 192.168.207.1 - - [04/Nov/2005:13:37:37 +0100] "POST =
/webmail/upload.php?sid=3D{436B52D24EDEE-436B52D253C10-1131107026} =
HTTP/1.1" 403 220
Handler: php-script
----------------------------------------
POST /webmail/upload.php?sid=3D{436B52D24EDEE-436B52D253C10-1131107026} =
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, =
application/x-shockwave-flash, application/vnd.ms-excel, =
application/vnd.ms-powerpoint, application/msword, */*
Referer: =
https://correo.test.es/webmail/upload.php?sid=3D{436B52D24EDEE-436B52D253=
C10-1131107026}&tid=3D0&lid=3D0
Accept-Language: es
Content-Type: multipart/form-data; =
boundary=3D---------------------------7d5239e1604bc
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; =
InfoPath.1)
Host: correo.test.es
Content-Length: 882
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: =
{436B52D24EDEE-436B52D253C10-1131107026}=3D%7B436B52D24EDEE-436B52D253C10=
-1131107026%7D
mod_security-message: Error verifying files: File =
"/tmp/20051104-133736-192.168.207.1-clam.cab" rejected by the approver =
script "/myscripts/verificar_upload_webmail.pl"
mod_security-action: 403

57
[@file:20051104-133736-192.168.207.1-request_body-EYLTfT]

HTTP/1.1 403 Forbidden
Content-Length: 220
Connection: close
Content-Type: text/html; charset=3Diso-8859-1

The apache error-log:

[Fri Nov 04 13:37:37 2005] [error] [client 192.168.207.1] mod_security: =
Access denied with code 403. Error verifying files: File =
"/tmp/20051104-133736-192.168.207.1-clam.cab" rejected by the approver =
script "/myscripts/verificar_upload_webmail.pl" [hostname =
"correo.test.es"] [uri =
"/webmail/upload.php?sid=3D{436B52D24EDEE-436B52D253C10-1131107026}"] =
[unique_id kf7FOMCoyZgAAEUGB28AAAAJ]

Many thanks for you help.

Tom=E1s Hidalgo Salvador
thi...@te...
Dpto. Sistemas Unix
Tlf.: 2333
DSF Almariya