Re: [mod-security-users] SecUploadApproveScript problems
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecUploadApproveScript problems
|
From: <ar...@po...> - 2006-09-20 02:02:33
|
I tried changing that but now I get:
mod_security-message: Access denied with code 403. Error verifying files: v=
erify_uploaded_file: Execution of the approver script "/bin/uploadparse.sh"=
failed [severity "EMERGENCY"]
And if I try to run it from the chroot:
host:/# uploadparse.sh /var/www/test.php
host:/#
host:/# uploadparse.sh /var/www/DyN_Fuente.tar
host:/#
Any idea ?
Thanks.
----- Mensaje Original -----
According to the man page, use "exit" instead of "echo"<br />
<br />
<br />
#!/bin/bash<br />
<br />
TIPO_ARCHIVO=3D`file $1`<br />
<br />
if [ "$TIPO_ARCHIVO" =3D "$1: PHP script text" ]; then<br />
exit 1<br />
else<br />
exit 0<br />
fi<br />
<br />
<br />
<br />
Ariel Jolodovsky wrote:<br />
> #!/bin/bash<br />
><br />
> TIPO_ARCHIVO=3D`file $1`<br />
><br />
> if [ "$TIPO_ARCHIVO" =3D "$1: PHP script text" ]; then<br />
> echo "1"<br />
> else<br />
> echo "0"<br />
> fi<br />
><br />
><br />
> It works in the shell but not from www... Is this how I am suppoused to r=
eturn <br />
> values ?<br />
><br />
> El Martes, 19 de Septiembre de 2006 1:53 PM, escribi=F3:<br />
> <br />
>> On 9/19/06, Ariel Jolodovsky <ar...@po...> wrote:<br />
>> <br />
>>> We're getting closer !<br />
>>> You were right, I needed bash and it's libs, I added them and then I wa=
s<br />
>>> able to chroot (via bash) into /var/chroot/apache.<br />
>>> ...<br />
>>><br />
>>> host:/#<br />
>>> uploadparse.sh /tmp/20060919-132113-200.123.150.117-IronMaidenCover.JPG=
<br />
>>> 0<br />
>>> <br />
>> You need to return 1 if you want to allow file, 0 if you don't.<br />
>> <br />
><br />
> -------------------------------------------------------------------------=
<br />
> Take Surveys. Earn Cash. Influence the Future of IT<br />
> Join SourceForge.net's Techsay panel and you'll get the chance to share y=
our<br />
> opinions on IT & business topics through brief surveys -- and earn cash<b=
r />
> <a href=3D"http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourcef=
orge&CID=3DDEVDEV">www.techsay.com/default.php?page=3Djoin.php&p=3Dsourcefo=
rge&CID=3DDEVDEV</a><br />
> _______________________________________________<br />
> mod-security-users mailing list<br />
> mod...@li...<br />
> https://lists.sourceforge.net/lists/listinfo/mod-security-users<br />
><br />
> <br />
<br />
|