Re: [mod-security-users] (no subject)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] (no subject)
|
From: Ivan R. <iva...@gm...> - 2006-04-26 12:31:43
|
On 4/26/06, BassPlayer <bas...@an...> wrote: > Hi All, > How much at risk am I with this off? With it on, it really makes it hard > to talk about anything interesting, using squirrelmail, without it 403ing > my mail message. > > POST scanning You are experiencing problems not because you have request body buffering enabled, but because you have incorrect rules setup for SquirerelMail. You should really focus on the latter (for example, you might decide to turn ModSecurity off for that part of the web server). As for the risk measurement - it's not a purely technical issue. It depends on how likely is that someone is going to attack you. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
