Re: [mod-security-users] Unable to have mod_security 'exec' as default action.
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Unable to have mod_security 'exec' as default action.
|
From: Ivan R. <iv...@we...> - 2005-11-10 20:44:15
|
Jason Z wrote:
>
> It turns out that ModSecurity requires all exec commands to print
> something back out ('1' for example) in order to actually accept the
> execution. I didn't think that a logging script would need to provide
> any feedback to ModSecurity. After watching the debug output (as you
> suggested) I changed the extension from . to .pl and had it just print a
> 1 at the end and ModSecurity became happy.
Ah, there's a reason for that. There are cases (or at least there were
when I looked at it) where it is not possible to differentiate between
a script failing to execute and a script executing but not writing
anything to stdout.
I'll make a note of it in the documentation.
Thanks for bringing the problem to my attention.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|