Re: [mod-security-users] Multipart: invalid Content-Disposition header (-11)?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Multipart: invalid Content-Disposition header (-11)?
|
From: Ivan R. <iv...@we...> - 2006-02-16 13:20:37
|
Gerwin Krist -|- Digitalus Webhosting wrote: > Hmmm well I dunno exactly whats this customer is using. I figured out > that customer is using Jupload (http://jupload.biz/) . I think JUpload is wrong here, but I've contacted the developers to see if they are actually using that parameter for anything. I will also consider whether accepting unknown header parameters is dangerous or not. Maybe I can relax mod_security checks. ModSecurity is strict to reduce the possibility of someone exploiting impedance mismatch in parsing. In the meantime: commenting out the line "else return -11;" (in the ModSecurity source code, of course) should allow the request through. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
