Thread: [Mod-security-developers] issue with PATH_TRANSLATED and @inspectFile via modsec-clamscan.pl
From: Thomas K. <mad...@gm...> - 2012-10-08 07:39:29
Hello,

I've got the common example setup for my server, using modsec-clamscan.pl to check file uploads with ClamAV:

    SecRule FILES_TMPNAMES "@inspectFile /usr/bin/modsec-clamscan.pl" "phase:2,t:none,log,status:403,deny"

using Apache 2 and PHP as an Apache module.

Unfortunately mod_security produces the ENV variable PATH_TRANSLATED, which irritates some software packages of my customers. The scripts are using PATH_TRANSLATED instead of SCRIPT_FILENAME and I am not able to patch all customer scripts (since some also have encrypted PHP code, like Oxid-Shop etc.).

Patching modsecurity-apache_2.6.7/apache2/apache2_util.c line 76 will solve the problem, but I have no clue if this will affect mod_security anyhow:

    /* PHP hack, getting around its silly security checks. */
    apr_table_add(r->subprocess_env, "PATH_TRANSLATED", command);
    apr_table_add(r->subprocess_env, "REDIRECT_STATUS", "302");

Google gives me a hint: http://blog.modsecurity.org/2003/07/fun-with-php-cl.html

Why does mod_security set this ENV and how can I fix it? Can I patch it out of the source? I am only using mod_security as an Apache module, no CLI PHP is used.

Greetings - Thomas