mod-security-users

[mod-security-users] file upload error

[scOrpiOnn <sco...@gm...>]

hi all, one question :D

i have a upload form -> upload.asp , and i put one gif image, and do
upload...  (mozilla firefox)

modsec.conf -------------
 <Location /asp/upload.asp>
        SecFilterInheritance Off
        SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
    </Location>
---------------------------------

error message:
[Thu Dec 15 11:07:01 2005] [error] [client 10.10.5.14] mod_security: Access
denied with code 403. Pattern match "!image/(jpeg|bmp|gif)" at POST_PAYLOAD
[hostname "www.euromadi.es"] [uri "/asp/upload.asp"]

i was tested lot of combinations for SecFilterSelective POST_PAYLOAD , like
"!image/(gif)" , "(gif)" ...
lots of tests, but never works.

any ideas ? THX ALL :)
 <mod...@li...>

Re: [mod-security-users] file upload error

[Ivan R. <iv...@we...>]

scOrpiOnn wrote:
> hi all, one question :D
> 
> i have a upload form -> upload.asp , and i put one gif image, and do
> upload...  (mozilla firefox)
> 
> modsec.conf -------------
>  <Location /asp/upload.asp>
>         SecFilterInheritance Off
>         SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
>     </Location>
> ---------------------------------
>
> ...
>
> any ideas ? THX ALL :)

  It doesn't work the way you think it does :) You don't get
  to access the raw request payload for multipart/form-data
  requests. And even if you did, the content-type field is
  client-driven and thus easy to fake.

  To filter uploaded files you need to create a script and
  use SecUploadApproveScript. But you'll need to figure out
  the content types by yourself.

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org