Hi,

I believe that I have a bug in my mod_security configuration. On a
LimitRequestBody error, we are not being redirected to the
/limiterror.html page we set up to respond to a 413. Instead,
mod_security appears to be intercepting it (I am not sure what I have
misconfigured that is causing this...). Turning mod_security off allows
the user to be redirected to /limiterror.html.

We have added the following configuration to our httpd.conf for Apache
1.3.33:

LimitRequestBody 200000

ErrorDocument 413 /limiterror.html

Running mod_security 1.9.1 with the configuration below, we get the
following entry in our audit_log file (we are getting this instead of
being redirected to /limiterror.html):
(snipped down to relevant parts)

POST /my/request HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache, max-age=0
Connection: TE, keep-alive
TE: chunked;q=1.0
Content-Length: 2770541
Content-Type: multipart/form-data; boundary=---------------------------285355041
Pragma: no-cache

mod_security-message: Access denied with redirect to [/]. ap_setup_client_block failed with 413
mod_security-action: 302

28
[POST payload not available]

HTTP/1.1 302 Found
Location: /
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
--0000337d--

Here is the configuration for mod_security:
<IfModule mod_security.c>
SecFilterEngine On
SecAuditEngine RelevantOnly

SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0

SecFilterScanPOST On

SecFilterDefaultAction "deny,log,redirect:/"
SecFilterSignatureAction "deny,log,redirect:/"

SecFilter "<[[:space:]]*script" id:1001

SecFilter "<.+>" id:1002

SecFilterSignatureAction deny,log,redirect:http://localhost/removecookies
SecFilterSelective HTTP_Cookie "<[[:space:]]*script" id:1100
SecFilterSelective HTTP_Cookie "<[[:space:]]*img" id:1101
SecFilterSelective HTTP_Cookie "<[[:space:]]*iframe" id:1102
SecFilterSelective HTTP_Cookie "<[[:space:]]*frame" id:1103
SecFilterSelective HTTP_Cookie "<[[:space:]]*object" id:1104
SecFilterSelective HTTP_Cookie "<[[:space:]]*applet" id:1105
SecFilterSelective HTTP_Cookie "<[[:space:]]*link" id:1106
SecFilterSelective HTTP_Cookie "<[[:space:]]*embed" id:1107
SecFilterSelective HTTP_Cookie "<[[:space:]]*form" id:1108

</IfModule>

Thanks!
Allen
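Added example, not from the post or from mod_security itself: a small Python triage script that parses audit_log entries in the format shown above and separates denials caused by the 413 from ap_setup_client_block (the LimitRequestBody case, where the default action runs and the ErrorDocument page is never served) from ordinary filter matches. The sample log is constructed, and the message text of the second entry is an assumption.

```python
import re
# Constructed sample audit_log (not from the post): entry 1 mirrors the
# LimitRequestBody case above; entry 2's message text is an assumed filter match.
SAMPLE_AUDIT_LOG = """POST /my/request HTTP/1.1
Content-Length: 2770541

mod_security-message: Access denied with redirect to [/]. ap_setup_client_block failed with 413
mod_security-action: 302

HTTP/1.1 302 Found
--0000337d--
GET /search?q=<script>x</script> HTTP/1.1

mod_security-message: Access denied with redirect to [/]. Pattern match "<[[:space:]]*script" [id "1001"]
mod_security-action: 302

HTTP/1.1 302 Found
--0000337e--
"""

ENTRY_END = re.compile(r"^--[0-9a-f]+--$", re.M)        # entry terminator line
REQ_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$", re.M)
CONTENT_LENGTH = re.compile(r"^Content-Length:\s*(\d+)$", re.M | re.I)
MSG = re.compile(r"^mod_security-message:\s*(.*)$", re.M)
ACTION = re.compile(r"^mod_security-action:\s*(\d+)$", re.M)

def parse_entries(text):
    """Split the audit log on its terminators and extract the fields we need."""
    entries = []
    for chunk in ENTRY_END.split(text):
        req = REQ_LINE.search(chunk)
        if req is None:            # whitespace left after the last terminator
            continue
        clen, msg, act = CONTENT_LENGTH.search(chunk), MSG.search(chunk), ACTION.search(chunk)
        entries.append({"uri": req.group(2), "message": msg.group(1) if msg else "",
                        "content_length": int(clen.group(1)) if clen else None,
                        "action": int(act.group(1)) if act else None})
    return entries

def find_limit_intercepts(text, limit_request_body):
    """Entries where the deny came from the 413 raised by ap_setup_client_block
    (body larger than LimitRequestBody) rather than from a filter match."""
    hits = []
    for e in parse_entries(text):
        if "ap_setup_client_block failed with 413" in e["message"]:
            e["over_limit_by"] = (e["content_length"] or 0) - limit_request_body
            hits.append(e)
    return hits
```

Run it against a real audit_log with the LimitRequestBody value from httpd.conf; any hit is a request that got the redirect instead of the 413 ErrorDocument.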