Re: [mod-security-users] Apache 2.2.0 - Mod Security 1.9.1 - Webdav Folder

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

I forgot to add that I was using Windows XP to connect using Webdav.

"/tails/" did not work.  I also have to trick Windows XP to use basic
authentication otherwise it fails miserably.  "http://www.example.com:80/tails"
does work after changing the alias to what you suggested.

Weird that it worked before in pre-2.2.0 but I have a lot of those quirks yesterday.

Thank you.

Ivan Ristic wrote:
> Ann Hopkins wrote:
> 
>>I moved my webdav folder out of the general root directory structure in apache,
>>and used "SecFilterInheritance Off", but it "Mod_security" still blocks the
>>request.  I would appreciate any ideas. Thanks
> 
> 
>   The way you have Apache configured right now
> 
>     Alias /tails/ "/<non-standard location>/tails/"
> 
>   Alias "kicks in" only when you provide the / at the end of the
>   URI. But this is not happening:
> 
> 
>>[Fri Dec 02 16:24:47 2005] [error] [client 192.168.254.XXX] mod_security: Access
>>denied with code 403. Pattern match
>>"!(^application/x-www-form-urlencoded$|^multipart/form-data;)" at
>>HEADER("Content-Type") [hostname "www.example.com"] [uri "/tails"]
> 
> 
>   Without the / at the end Apache treats the request as one
>   for the root context. (You would be getting a 404 response if it
>   were not for ModSecurity.)
> 
>   You can test my assumption my making a request to "/tails/" instead
>   of "/tails".
> 
>   Changing the Alias line to:
> 
>     Alias /tails "/<non-standard location>/tails"
> 
>   should fix the problem.
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDkeVXhs7JGk93PT0RA8feAJ4yHDYV0P9JMa/ZOsYGW9s/6JG3HACfYs10
A+HhuTK2AFzPui/6ifWMCRI=
=sy/S
-----END PGP SIGNATURE-----