[mod-security-users] Need some help with mod security and PostNuke .761
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Need some help with mod security and PostNuke .761
|
From: Christopher P. <chr...@ve...> - 2005-11-17 08:31:00
|
Hello folks, Well I've been doing some tightening of security on my webserver but it seems that I've made things too tight. The problem is that I can't figure out how to best let PostNuke do what it needs to do. Right now several of my filters stop the execution of a large number of commands that I need to have available in postnuke. I'll start off by posting my current modsecurity.conf file: SecFilterEngine On SecFilterScanPOST On SecAuditEngine On SecAuditLog logs/audit_log SecFilterSelective HTTP_Transfer-Encoding "!^$" SecFilterDefaultAction "deny,log,status:500" SecFilter "<( |\n)*script*" SecFilterInheritance Off SecFilterCheckUnicodeEncoding On SecFilterCheckURLEncoding On SecServerResponseToken Off SecFilter /bin/sh SecFilter hidden SecServerSignature "Microsoft-IIS/5.0" SecFilter "\.\./" SecFilterSelective ARGS "bin/" And here's the audit log of one of several stops I get when I try and do something simple like update a block: ======================================== UNIQUE_ID: davA638AAAEAAGm3ay8AAAAB Request: 67.190.166.65 - - [16/Nov/2005:23:54:53 --0600] "POST /index.php?module=Blocks&type=admin&func=update HTTP/1.1" 500 623 Handler: (null) ---------------------------------------- POST /index.php?module=Blocks&type=admin&func=update HTTP/1.1 Host: www.venomstats.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.venomstats.com/index.php?module=Blocks&type=admin&func=modify&bid =39 Content-Type: application/x-www-form-urlencoded Content-Length: 3382 mod_security-message: Access denied with code 500. Pattern match "bin/" at POST_PAYLOAD mod_security-action: 500 Thanks for the help. Christopher Patricca Server Administrator |
