RE: [mod-security-users] Blocking PUT requests
From: De V. R. <Ric...@bm...> - 2006-02-13 21:45:15
Understood. Thanks for the feedback.

So there is no way to have mod_security delete these files, even though they triggered an alarm? It's important to have these attempts logged; I just don't know if we would actually want to keep the offending files. Especially if these are quite large.

R

-----Original Message-----
From: mod...@li... [mailto:mod...@li...] On Behalf Of Ivan Ristic
Sent: Monday, February 13, 2006 15:40
To: De Vries, Richard
Cc: mod...@li...
Subject: Re: [mod-security-users] Blocking PUT requests

De Vries, Richard wrote:
>
> I was wondering whether or not it'd be wise to block PUT requests. I
> don't foresee needing file-uploads ... does anyone know whether "PUT" is
> used for anything else?

They are often used for various RPC calls, but normally not in "normal" web applications.

> Hmm, even though I set the following rule:
>
> SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|POST)$"
>
> I still see the following file being created in /tmp if I do a PUT
>
> /tmp/20060213-153039-172.18.60.128-request_body-TnaGyO
>
> Additionally, these files are not automatically being cleaned up.
> Suggestions anyone?

You should configure a different directory for those files, some place where only httpd can access. (Just to be on the safe side.)

Other than that, the file is probably not erased because it is referenced in the audit log.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
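An added example, not part of the thread and not ModSecurity code: a Python inventory of stored request-body files named like the one quoted above, reporting size, age and whether each name appears in the audit log, plus a check that the storage directory is closed to group and other users. The function names, the 30-day threshold and the assumption that an audit log entry mentions the file by name are illustrative.

```python
import os
import re
import stat
from datetime import datetime

# File-name shape taken from the example quoted in the thread:
# 20060213-153039-172.18.60.128-request_body-TnaGyO
NAME_RE = re.compile(
    r"(?P<ts>\d{8}-\d{6})-(?P<ip>\d{1,3}(?:\.\d{1,3}){3})-request_body-[A-Za-z0-9]+"
)

def dir_is_private(path):
    """True when group and other have no permissions on the directory."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def inventory(body_dir, audit_log_text, now, max_age_days=30):
    """Return one record per stored request body found in body_dir."""
    records = []
    for name in sorted(os.listdir(body_dir)):
        m = NAME_RE.fullmatch(name)
        if not m:
            continue  # not a stored request body; leave it alone
        full = os.path.join(body_dir, name)
        if os.path.islink(full) or not os.path.isfile(full):
            continue  # never follow symlinks in a shared temp directory
        created = datetime.strptime(m.group("ts"), "%Y%m%d-%H%M%S")
        records.append({
            "name": name,
            "client_ip": m.group("ip"),
            "created": created,
            "size": os.path.getsize(full),
            # Assumption: the audit log entry mentions the file by name.
            "in_audit_log": name in audit_log_text,
            "expired": (now - created).days >= max_age_days,
        })
    return records

if __name__ == "__main__":
    import tempfile
    # Constructed sample data, not real traffic.
    with tempfile.TemporaryDirectory() as d:
        name = "20060213-153039-172.18.60.128-request_body-TnaGyO"
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"x" * 10)
        log = "constructed audit entry referencing " + name
        print(dir_is_private(d), inventory(d, log, datetime(2006, 4, 1)))
```

The report only lists candidates; whether a body that is still referenced in the audit log may be removed is a retention decision for the administrator.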