[mod-security-users] modsecurity and spam in OWA
From: Jason H. <Jas...@tr...> - 2005-12-16 00:53:01
This may sound like a feature instead of a bug, but I thought it might reflect how complex Web security can actually be...

We use an Apache reverse-proxy to protect a Microsoft Outlook Web Access (OWA) server, and I have modsecurity-1.9.1 in there doing its thing.

However, I just found it blocked me from reading some nice Asian spam someone kindly thought to send me:

GET /exchange/username/Inbox/%E4%B8%8A%E7%BD%91%E9%A1%BA%E5%B8%A6%E6%8C%A3%E7%BE%8E%E5%85%83.EML?Cmd=open HTTP/1.1

(OWA creates links to each msg based on the Subject line)

Anyway, I had "SecFilterForceByteRange 32 126" and it blocked that URL as there was a char 228 in there.

Sooo, what should I block instead? Given the fact that the Webapp needs to present almost any char (i.e. assuming a Subject line could contain any char), could I do an exclusion list instead? i.e. accept everything other than NULL, etc? And if so, can someone tell me what "etc" should actually be? ;-)

Thanks!

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
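Added example, not part of the original message and not ModSecurity code: a Python sketch that URL-decodes the path quoted above, lists the bytes a 32-126 range check rejects, and compares that with one possible exclusion-style check. The function names and the exclusion policy (reject NUL, other control bytes and DEL, require valid UTF-8) are assumptions made for illustration.

```python
from urllib.parse import unquote_to_bytes

# Request path quoted in the post above (query string omitted).
OWA_PATH = ("/exchange/username/Inbox/%E4%B8%8A%E7%BD%91%E9%A1%BA%E5%B8%A6"
            "%E6%8C%A3%E7%BE%8E%E5%85%83.EML")


def out_of_range(path, low=32, high=126):
    """Mimic a low..high byte-range check on the URL-decoded path.

    Returns (offset, byte value) for every decoded byte outside the range.
    """
    raw = unquote_to_bytes(path)
    return [(i, b) for i, b in enumerate(raw) if not low <= b <= high]


def exclusion_check(path):
    """Assumed deny-list policy (not from the post): reject NUL, other C0
    control bytes and DEL, and require the decoded path to be valid UTF-8.

    Returns (allowed, decoded text or rejection reason).
    """
    raw = unquote_to_bytes(path)
    for i, b in enumerate(raw):
        if b < 32 or b == 127:
            return False, f"control byte {b} at offset {i}"
    try:
        # Strict decoding also rejects truncated and overlong sequences.
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return False, f"invalid UTF-8 at offset {exc.start}"
    return True, text


if __name__ == "__main__":
    print(out_of_range(OWA_PATH)[:3])   # first bytes the 32-126 range rejects
    print(exclusion_check(OWA_PATH))    # same path under the exclusion policy
```
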