Re: [mod-security-users] Webdav won't work with SecFilter
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Webdav won't work with SecFilter
|
From: Ivan R. <iv...@we...> - 2005-11-24 11:41:27
|
li...@32... wrote: > Hello, > > I am running Mac OS X Tiger. When I attempt to connect to my webdav folder I > cannot. The 2 secfilters blocking me are as follows... > > #XSS Attacks > SecFilter "<(.|\n)+>" > > # Only accept request encodings we know how to handle > # we exclude GET requests from this because some (automated) > # clients supply "text/html" as Content-Type > SecFilterSelective HTTP_Content-Type > "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" > > > Is there any changes I can make to the secfilter syntax so webdav will work, > BUT not opening up possible exploit paths? The only thing you can do is disable those two rules selectively, for the WebDAV areas. The attacks they are guarding against are not effective for WebDAV anyway. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
