Re: [mod-security-users] Multipart: invalid Content-Disposition header (-11)?
From: Ivan R. <iv...@we...> - 2006-02-17 21:13:59
Ivan Ristic wrote:
> Gerwin Krist -|- Digitalus Webhosting wrote:
>> Hmmm well I dunno exactly what this customer is using. I figured out
>> that customer is using Jupload (http://jupload.biz/).
>
> I think JUpload is wrong here, but I've contacted the developers
> to see if they are actually using that parameter for anything.

I just heard from the JUpload developers. They are not using the
header. They have also removed it from their application in their
most recent build.

> I will also consider whether accepting unknown header parameters
> is dangerous or not. Maybe I can relax mod_security checks. ModSecurity
> is strict to reduce the possibility of someone exploiting impedance
> mismatch in parsing.

I am still considering my options here. At the moment I am leaning
toward introducing a bunch of options to allow for better control of
the implicit checks. This would be nice to have if someone encounters
a similar problem in the future.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
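
The strictness trade-off discussed in this message, as an added example that is not part of the original post and is not ModSecurity's code: a parser for a multipart part's Content-Disposition value that rejects unknown and duplicate parameters by default, so the filter never guesses at text the backend might read differently. The `allow_unknown` switch, all names and the sample header values are assumptions made for illustration.

```python
import re

# Parameters a multipart/form-data part is expected to carry (RFC 7578).
KNOWN_PARAMS = {"name", "filename"}

# ;key="quoted value" or ;key=token. Quoted values may hold backslash escapes.
_PARAM = re.compile(
    r'\s*;\s*([A-Za-z0-9_.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s;"]+))')


class DispositionError(ValueError):
    """Raised when a part header cannot be parsed unambiguously."""


def parse_content_disposition(value, allow_unknown=False):
    """Parse a part's Content-Disposition value into a dict of parameters.

    allow_unknown is a hypothetical switch: False rejects any parameter
    outside KNOWN_PARAMS, True records it and carries on.
    """
    value = value.strip()
    if not value.lower().startswith("form-data"):
        raise DispositionError("disposition type is not form-data")
    pos = len("form-data")
    params = {}
    while pos < len(value):
        m = _PARAM.match(value, pos)
        if m is None:
            # Anything that is not a well-formed ;key=value pair is refused.
            raise DispositionError("unparsable text at offset %d" % pos)
        key = m.group(1).lower()
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        if key in params:
            # Two parsers may disagree on which duplicate wins.
            raise DispositionError("duplicate parameter %r" % key)
        if key not in KNOWN_PARAMS and not allow_unknown:
            raise DispositionError("unknown parameter %r" % key)
        params[key] = re.sub(r"\\(.)", r"\1", raw)  # undo backslash escapes
        pos = m.end()
    if "name" not in params:
        raise DispositionError("missing name parameter")
    return params
```

Even with `allow_unknown=True`, duplicate parameters and unparsable trailing text are still refused, since those are the cases where two parsers are most likely to disagree.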