Thread: [mod-security-users] SecFilterSelective OUTPUT
From: fredoun <fr...@gm...> - 2006-03-26 15:20:35
Hi everyone,

seems i have a problem with SecFilterSelective OUTPUT:

f.e. i have

SecFilterSelective OUTPUT "mySQL query error"

when i have a file

http//blahblah/file containing this string it's ok

but when the string is hidden f.e. : (from php generated url)

<!-- THE POST 33930 -->
<div class="postcolor" id='post-33930'>mySQL query error</div>
<!--IBF.ATTACHMENT_33930-->
<br /><br />--------------------<br />
<div class="signature"><img src="http://img508.imageshack.us/img508/594/admindark4do.jpg" /></div>
<!-- THE POST -->
</td>

It doesn't work ...

May someone help me ?

thx

fredoun

--------------= Posted using GrabIt =----------------
------= Binary Usenet downloading made easy =---------
-= Get GrabIt for free from http://www.shemes.com/ =-

From: Ivan R. <iv...@we...> - 2006-03-26 15:40:55
fredoun wrote:
> Hi everyone,
>
> seems i have a problem with SecFilterSelective OUTPUT:
>
> f.e. i have
>
> SecFilterSelective OUTPUT "mySQL query error"
>
> when i have a file
>
> http//blahblah/file containing this string it's ok
>
> but when the string is hidden f.e. : (from php generated url)
>
>
> <!-- THE POST 33930 -->
> <div class="postcolor" id='post-33930'>mySQL query error</div>
> <!--IBF.ATTACHMENT_33930-->
> <br /><br />--------------------<br />
> <div class="signature"><img src="http://img508.imageshack.us/img508/594/admindark4do.jpg" /></div>
> <!-- THE POST -->
> </td>
>
> It doesn't work ...
>
> May someone help me ?

It works for me here. Perhaps you have some unusual Apache setup that
prevents ModSecurity from seeing the response generated by PHP. You
should be able to check that by observing debug log at level 4. Here
are the lines I get:

[26/Mar/2006:16:43:14 +0100] [192.168.2.111/sid#810e6e0][rid#829b760][/cgi-bin/php/x.php][2] Checking signature "mySQL query error" at OUTPUT
[26/Mar/2006:16:43:14 +0100] [192.168.2.111/sid#810e6e0][rid#8292f00][/x.php][4] Checking against "<!-- THE POST 33930 -->\n\t\t\t<div class=\"postcolor\" id='post-33930'>mySQL query error</div>\n"

If you still can't get it to work, submit a support request as
described here:

http://www.thinkingstone.com/download/ModSecurity_Support_Request_Preparation_Guide.pdf

and I'll be happy to look into it.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
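
The debug-log check described in the reply above can be scripted. The following is an added example, not part of the original thread and not ModSecurity code: it pairs each "Checking signature ... at OUTPUT" line with the "Checking against" buffer logged after it and reports whether the filter saw a response body containing the signature. The line layout is assumed from the two log lines quoted above, Python's regex engine only approximates the filter's matching, and all function names are hypothetical.

```python
import re

# Layout of the debug-log lines quoted in the reply above:
# [timestamp] [client/sid#..][rid#..][uri][level] message
LINE_RE = re.compile(r'^\[[^\]]+\] \[[^/\]]+/sid#(\w+)\]\[rid#\w+\]'
                     r'\[([^\]]*)\]\[\d\] (.*)$')
SIG_RE = re.compile(r'^Checking signature "(.*)" at OUTPUT$')
BUF_RE = re.compile(r'^Checking against "(.*)"$')
ESCAPES = {'n': '\n', 't': '\t', 'r': '\r'}

def unescape(text):
    # Undo the backslash escaping applied to the logged buffer.
    return re.sub(r'\\(.)', lambda m: ESCAPES.get(m.group(1), m.group(1)), text)

def pattern_hits(signature, body):
    # Approximation: treat the signature as a regex, else as a literal.
    try:
        return re.search(signature, body) is not None
    except re.error:
        return signature in body

def output_checks(lines):
    # Pair each OUTPUT check with the next buffer line for the same sid (the
    # sample lines differ in rid and URI). body=None: no buffer was logged.
    results, pending = [], {}
    for line in lines:
        m = LINE_RE.match(line.rstrip('\n'))
        if not m:
            continue
        sid, uri, msg = m.groups()
        sig, buf = SIG_RE.match(msg), BUF_RE.match(msg)
        if sig:
            if sid in pending:  # previous check never got a buffer
                results.append(pending.pop(sid))
            pending[sid] = {'uri': uri, 'signature': sig.group(1),
                            'body': None, 'hit': False}
        elif buf and sid in pending:
            entry = pending.pop(sid)
            entry['body'] = unescape(buf.group(1))
            entry['hit'] = pattern_hits(entry['signature'], entry['body'])
            results.append(entry)
    return results + list(pending.values())

# First two lines are from the reply above; the third is constructed.
SAMPLE = [
    r'''[26/Mar/2006:16:43:14 +0100] [192.168.2.111/sid#810e6e0][rid#829b760][/cgi-bin/php/x.php][2] Checking signature "mySQL query error" at OUTPUT''',
    r'''[26/Mar/2006:16:43:14 +0100] [192.168.2.111/sid#810e6e0][rid#8292f00][/x.php][4] Checking against "<!-- THE POST 33930 -->\n\t\t\t<div class=\"postcolor\" id='post-33930'>mySQL query error</div>\n"''',
    r'''[26/Mar/2006:16:50:02 +0100] [192.168.2.111/sid#810e6e0][rid#82a1c48][/forum/index.php][2] Checking signature "mySQL query error" at OUTPUT''',
]
```

An entry with body set to None means the signature was checked but no buffer line followed it: either the debug level was below 4, or the filter never received the response body, which is the situation the reply suggests ruling out.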