Re: [mod-security-users] Modsecurity and Apache Expect header vulnerability
From: Jim W. <ji...@wa...> - 2006-09-24 00:44:43

On 9/23/2006 5:31 PM, Jim Watt wrote:
> What about just restricting the value of the "Expect" header to "100-[Cc]ontinue",
> which is the only valid example of the use of that header that I've been able
> to find.
>
> Something like this:
>
> SecFilterSelective HTTP_Expect "!^(100-[Cc]ontinue)$" "deny,log, status:403"
>
> I have that installed, but I haven't seen any samples - yet! ;)

Now that I have samples, it's plain that the condition is more complex than
that! Don't try that one! :(

Jim

--
Jim Watt                   EMAIL: jim @ Watt.COM
1044 Belvedere Lane        Voice: +1 408 446 9677
San Jose, CA 95129-2901    Fax:   +1 408 446 4907