Mail from GioMBG > hack this into /etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf to alowed mod_security + mailman into fedora 7 moonshine with mod_security
MANY Thanks Jeffrey! SINCERLY! I have resolved with this hack into my: /etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf Simply I have commented: SecRule REQUEST_BASENAME as # SecRule REQUEST_BASENAME I think that is the minor hack to prevent this kind of apache+mod_security+mailman error and to alowed the .shtml file extension in my html... YES You have just resolved not one but the 2 unique most bad problem into my newest monshine (fedora7)! MANY THANKs! GioMBG
---| hack this into /etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf to alowed mod_security + mailman into fedora 7 moonshine with mod_security |---
# Restrict file extension
#
# TODO the list of file extensions below are virtually always considered unsafe
# and not in use in any valid program. If your application uses one of
# these extensions, please remove it from the list of blocked extensions.
# You may need to use ModSecurity Core Rule Set Templates to do so, otherwise
# comment the whole rule.
#
# SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|l(?:icx|nk|og)|\w{,5}~|webinfo|ht[rw]|xs[dx]|exe|key|mdb|old)$"
"t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL file extension is restricted by policy', severity:'2',id:'960035'"
Giò "MBG" Canepa - E Mail: mbg a mbg.it Phone & Fax +39 0541 985 737 - Mobile +39 393 33 567 07 http://www.mbg.it | http://www.9Records.com Snail mail P.O. Box 59 / 47838 Riccione Italy
On Jun 26, 2007, at 7:26 PM, Gio MBG Canepa root wrote:
Thank you. I think that the lesson here is that any time you get an
error
from the webs erver, look at the error logs. Once you posted the
logs as Mark requested, the answer to the problem was clear. But
prior to seeing the log entry, nobody could have help.
I'm pleased things are now working.
Cheers,
-j
On Jun 26, 2007, at 7:26 PM, Gio MBG Canepa root wrote:
Thank you. I think that the lesson here is that any time you get an
error
from the webs erver, look at the error logs. Once you posted the
logs as Mark requested, the answer to the problem was clear. But
prior to seeing the log entry, nobody could have help.
I'm pleased things are now working.
Cheers,
-j
participants (2)
-
Gio MBG Canepa root -
Jeffrey Goldberg