Re: [mod-security-users] mod_security enhancement idea
From: Tom A. <tan...@oa...> - 2006-04-11 16:03:08
joe barbish wrote:
> The SecFilter "." is supposed to deny everything. Everything means
> anything which is not one of the coded 'accept' rules, including all
> known and unknown exploits.

SecFilter "." will deny everything, but

    SecFilterSelective REQUEST_URI "^/index.php" allow

will allow any possible exploits against index.php.

If you want to protect index.php against, for example, directory traversals, then you'll want to add something like:

    SecFilter "\.\./"

Or if you want to protect index.php against, for example, deceptive user agent strings, you'll want to add something like:

    SecFilterSelective "HTTP_USER_AGENT|HTTP_REFERER" "^-$"

The point being that your "allow" string opens up the allowed page to any and all attacks. You still need exclusionary filters.

Tom
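Added example, not part of the original message and not ModSecurity code: a small Python model of the rule sets discussed above, run over constructed requests, showing what the allow rule lets through with and without the exclusionary filters. Assumptions of the model: rules are evaluated in order, `allow` ends evaluation, `SecFilter` is reduced to inspecting the request URI, and the exclusionary filters are placed ahead of the allow rule.

```python
import re

# Each rule: (variables to inspect, pattern, action). Simplified model:
# first matching rule decides, so "allow" ends evaluation for that request.
ALLOW_ONLY = [
    (["REQUEST_URI"], r"^/index.php", "allow"),   # SecFilterSelective ... allow
    (["REQUEST_URI"], r".", "deny"),              # SecFilter "."
]

# Same policy with the two exclusionary filters from the message placed
# ahead of the allow rule (placement is an assumption of this example).
WITH_EXCLUSIONS = [
    (["REQUEST_URI"], r"\.\./", "deny"),                      # SecFilter "\.\./"
    (["HTTP_USER_AGENT", "HTTP_REFERER"], r"^-$", "deny"),
] + ALLOW_ONLY

# Constructed sample requests (not captured traffic).
REQUESTS = {
    "normal":     {"REQUEST_URI": "/index.php?page=home",
                   "HTTP_USER_AGENT": "Mozilla/5.0"},
    "traversal":  {"REQUEST_URI": "/index.php?page=../../conf/settings",
                   "HTTP_USER_AGENT": "Mozilla/5.0"},
    "dash_agent": {"REQUEST_URI": "/index.php", "HTTP_USER_AGENT": "-"},
    "other_page": {"REQUEST_URI": "/admin.php",
                   "HTTP_USER_AGENT": "Mozilla/5.0"},
}


def evaluate(rules, request):
    """Return 'allow', 'deny', or 'pass' (no rule matched) for one request."""
    for variables, pattern, action in rules:
        regex = re.compile(pattern)
        # A rule fires if any listed variable is present and matches.
        if any(regex.search(request.get(v, "")) for v in variables):
            return action
    return "pass"


def verdicts(rules):
    """Evaluate every sample request against one rule set."""
    return {name: evaluate(rules, req) for name, req in REQUESTS.items()}


if __name__ == "__main__":
    for label, rules in (("allow + catch-all", ALLOW_ONLY),
                         ("with exclusions", WITH_EXCLUSIONS)):
        print(label, verdicts(rules))
```

In the allow-only set the traversal and dash user-agent requests to index.php are allowed; with the exclusionary filters first, both are denied while the normal request still passes.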