Re: [mod-security-users] Apache 2.2.0 - Mod Security 1.9.1 - Webdav Folder
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Apache 2.2.0 - Mod Security 1.9.1 - Webdav Folder
|
From: Ivan R. <iv...@we...> - 2005-12-03 18:16:42
|
Ann Hopkins wrote:
> I moved my webdav folder out of the general root directory structure in apache,
> and used "SecFilterInheritance Off", but it "Mod_security" still blocks the
> request. I would appreciate any ideas. Thanks
The way you have Apache configured right now
Alias /tails/ "/<non-standard location>/tails/"
Alias "kicks in" only when you provide the / at the end of the
URI. But this is not happening:
> [Fri Dec 02 16:24:47 2005] [error] [client 192.168.254.XXX] mod_security: Access
> denied with code 403. Pattern match
> "!(^application/x-www-form-urlencoded$|^multipart/form-data;)" at
> HEADER("Content-Type") [hostname "www.example.com"] [uri "/tails"]
Without the / at the end Apache treats the request as one
for the root context. (You would be getting a 404 response if it
were not for ModSecurity.)
You can test my assumption my making a request to "/tails/" instead
of "/tails".
Changing the Alias line to:
Alias /tails "/<non-standard location>/tails"
should fix the problem.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|
