[mod-security-users] Re: Vbulletin 3.5.2 and mod_security
From: Thomas B. <web...@sp...> - 2006-03-14 15:04:45
Terry Dooher wrote:
>
> This rule will essentially do nothing at all. pass allows you to log
> matching entries with actions such as 'log,pass'. Using it on its own or
> with nolog will do nothing.
>
> To explicitly accept a request based on a match, you need to use the
> allow action:
>
> SecFilterSelective THE_REQUEST "\|+.*[\%u20AC].*\|" allow,nolog
>
> Of course, you'll have to be careful where exactly this rule appears. If
> you put it at the top, then anyone can subvert the rest of your rule
> set by simply inserting a euro character in their request. It's good
> practice to put your allow rules right at the bottom of the list. Of
> course, if one of your other rules is triggering a 'deny' on similar
> content, then the request will never reach this rule and you'll have to
> figure out some sort of chaining.
>
> I can't comment on the regular expression itself, however. I run a
> vBulletin 3.0 system myself and I am curious as to what you're trying to
> match with the \|+ and \| at either end of it.
>
> Terry.
>

It was one of many tries to get it working, but none worked: not allow, not pass, no QUERY_STRING rule, really nothing.

The only workaround for it was to deactivate the CheckURLEncoding option. For now it's working without postscanning, but I will try it without ajax; maybe I'll have more luck without it.

Kind regards,
Thomas Behrend