fredoun wrote:
> Hi everyone,
>
> seems i have a problem with SecFilterSelective OUTPUT:
>
> f.e. i have
>
> SecFilterSelective OUTPUT "mySQL query error"
>
> when i have a file
>
> http//blahblah/file containing this string it's ok
>
> but when the string is hidden f.e. : (from php generated url)
>
>
> <!-- THE POST 33930 -->
> <div class="postcolor" id='post-33930'>mySQL query error</div>
> <!--IBF.ATTACHMENT_33930-->
> <br /><br />--------------------<br />
> <div class="signature"><img src="http://img508.imageshack.us/img508/594/admindark4do.jpg" /></div>
> <!-- THE POST -->
> </td>
>
> It doesn't work ...
>
> May someone help me ?
It works for me here. Perhaps you have some unusual Apache setup
that prevents ModSecurity from seeing the response generated by PHP.
You should be able to check that by observing debug log at level 4. Here
are the lines I get:
[26/Mar/2006:16:43:14 +0100] [192.168.2.111/sid#810e6e0][rid#829b760][/cgi-bin/php/x.php][2]
Checking signature "mySQL query error" at OUTPUT
[26/Mar/2006:16:43:14 +0100] [192.168.2.111/sid#810e6e0][rid#8292f00][/x.php][4] Checking
against "<!-- THE POST 33930 -->\n\t\t\t<div class=\"postcolor\" id='post-33930'>mySQL query
error</div>\n"
If you still can't get it to work, submit a support request as
described here:
http://www.thinkingstone.com/download/ModSecurity_Support_Request_Preparation_Guide.pdf
and I'll be happy to look into it.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
|
