Re: [mod-security-users] Need some help with mod security and PostNuke .761
From: Ivan R. <iv...@we...> - 2005-11-18 09:57:32
Christopher Patricca wrote:
> Hello folks,
>
> Well I’ve been doing some tightening of security on my webserver but it
> seems that I’ve made things too tight. The problem is that I can’t
> figure out how to best let PostNuke do what it needs to do. Right now
> several of my filters stop the execution of a large number of commands
> that I need to have available in postnuke. I’ll start off by posting my
> current modsecurity.conf file:

It's generally difficult to protect content management systems
using generic negative signatures only.

> SecAuditEngine On

You do know this logs every request? Just checking :)

> SecFilterCheckUnicodeEncoding On

This should be enabled only if UTF-8 is used in the web site.

> SecFilter /bin/sh
> SecFilter hidden
> SecFilter "\.\./"
> SecFilterSelective ARGS "bin/"

These are just too broad. It's what's causing your problems.

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
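An added illustration of the "too broad" point in the reply above; it is not part of the original e-mail or of ModSecurity. It runs the four quoted patterns as unanchored regular expressions over constructed, benign CMS requests. The request lines, bodies and the simplified scoping of `SecFilter` versus `SecFilterSelective ARGS` are assumptions made for the demonstration.

```python
import re

# Patterns copied verbatim from the quoted modsecurity.conf. Scope is a
# simplifying assumption: SecFilter is modelled as request line + POST body,
# SecFilterSelective ARGS as query string + POST body.
RULES = [
    ("ALL", r"/bin/sh"),
    ("ALL", r"hidden"),
    ("ALL", r"\.\./"),
    ("ARGS", r"bin/"),
]

# Constructed, benign CMS requests (shown URL-decoded): label -> (request line, POST body)
SAMPLES = {
    "read story": ("GET /index.php?name=News&sid=12 HTTP/1.1", ""),
    "edit block": ("POST /admin.php HTTP/1.1",
                   "module=Blocks&op=modify&title=Show hidden menu items"),
    "relative image": ("POST /index.php HTTP/1.1",
                       'name=Submit_News&text=<img src="../images/logo.gif">'),
    "shell howto": ("POST /index.php HTTP/1.1",
                    "name=Submit_News&text=Start the script with #!/bin/sh"),
    "cgi-bin link": ("GET /modules.php?op=modload&file=cgi-bin/counter HTTP/1.1", ""),
}


def matching_rules(request_line, body):
    """Return the patterns that would reject this request (unanchored search)."""
    query = request_line.split(" ")[1].partition("?")[2]
    targets = {"ALL": request_line + "\n" + body, "ARGS": query + "&" + body}
    return [pat for scope, pat in RULES if re.search(pat, targets[scope])]


def report():
    """Map each constructed request to the patterns it trips."""
    return {label: matching_rules(*req) for label, req in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in report().items():
        print(f"{label:15} {'BLOCKED by ' + ', '.join(hits) if hits else 'allowed'}")
```

Four of the five ordinary content-management requests are rejected, because each pattern matches a substring with no regard for where it appears or what surrounds it.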