[mod-security-users] Disabling mod_security for a location
Brought to you by:
victorhora,
zimmerletw
From: Ariel J. <ar...@po...> - 2007-03-09 18:08:00
|
Sorry to bother again, but I really need a hand with this: > Hi guys, how are you doing ? > > I'm having problems trying to disable mod_security (2.1.0) for a specific > location, here's my virtualhost configuration directive: > > <VirtualHost 201.212.1.137:80> > ServerAdmin so...@po... > DocumentRoot /var/www/htdocs/prematch.com.ar > ServerName www.prematch.com.ar > ServerAlias prematch.com.ar > > <IfModule mod_security.c> > <Location /upload/archivos> > SecFilterEngine Off > SecAuditEngine Off > </Location> > </IfModule> > > > CustomLog /var/log/apache/prematch.com.ar-access.log combined > Errorlog /var/log/apache/prematch.com.ar-error.log > </VirtualHost> > > (I used those lines with 1.9.4 and they worked, I tried to change > mod_security.c to mod_security2.c but it didn't work either; it's compiled > as DSO) > > Still I get: > > ==> /var/log/apache/modsec_audit.log <== > --67d49b70-A-- > [07/Mar/2007:11:50:24 --0300] T3qDun8AAAEAACqaCO0AAAAB 200.123.150.117 1907 > 201.212.1.137 80 > --67d49b70-B-- > GET /upload/archivos/Apto+M%E9dico+Mayores+de+21.doc HTTP/1.1 > Host: www.prematch.com.ar > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.8.0.10) > Gecko/20070216 Firefox/1.5.0.10 > Accept: > text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q >=0.8,image/png,*/*;q=0.5 Accept-Language: > es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Connection: keep-alive > Referer: http://www.prematch.com.ar/?page=VerNoticia&c=608 > Cookie: __utma=60695404.392021047.1172684139.1173106775.1173278533.4; > __utmz=60695404.1172684139.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none >); __utmb=60695404; __utmc=60695404 > Cache-Control: max-age=0 > > --67d49b70-F-- > HTTP/1.1 400 Bad Request > Content-Length: 226 > Connection: close > Content-Type: text/html; charset=iso-8859-1 > > --67d49b70-H-- > Message: Access denied with code 400 (phase 1). Invalid Unicode encoding: > invalid byte value in character. [id "950801"] [msg "UTF8 Encoding Abuse > Attack Attempt"] [severity "WARNING"] > Action: Intercepted (phase 1) > Stopwatch: 1173279024513978 814 (- - -) > Producer: ModSecurity v2.1.0 (Apache 2.x) > Server: Apache/2.2.4 (Unix) PHP/5.2.1 > > --67d49b70-Z-- > > > ==> /var/log/apache/modsec_debug.log <== > [07/Mar/2007:11:50:24 --0300] > [www.prematch.com.ar/sid#814b120][rid#82bc870] [/upload/archivos/Apto > M\xe9dico Mayores de 21.doc][1] Access denied with code 400 (phase 1). > Invalid Unicode encoding: invalid byte value in character. [id "950801"] > [msg "UTF8 Encoding Abuse Attack Attempt"] [severity "WARNING"] > > > > Thank you for your help, > Ariel |