Hi folks,
i protect a webapplication with the latest 1.8 version of mod_security
(exact version info is currently not at hand). Running on an Apache2.
Upgrating to 1.9 is currently not possible.
The following rule:
SecFilterSelective ARG_text !(.{0,250}$)
should match, if someone enters a text longer 250 characters. I want no
limitation of the character set, because it is a free text field.
However, if "&text" contains a %0D%0A, the signature matches, even if the
content is smaller 250 chars.
The logmessage is:
"mod_security-message: Access denied with code 200. Pattern match
"!(^.{0,250}$)" at CUSTOM"
The request is a "POST" request. "SecFilterForceByteRange 1 255" is set.
Is this a known bug, or result to a bad configuration?
Is someone able to reproduce this?
Any help is appreciated!
Thanx in advance,
Bianca
--
Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko!
Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner
|
