Hello,
we have a particular mod_security rule:

Code:
# php injections
SecFilterSelective ARGS_VALUES "[[:space:]]*(to|bcc|cc)[[:space:]]*:.*@"

that is blocking various domains when they use their Perl bulk mailer, which has worked for quite some time with no problems, but lately they are getting blocked via the CSF firewall when it triggers the mod_security settings. Here is a snip from the audit log:

Code:
==59a76e3d==============================
Request: www.userdomain.com IP_ADDRESS - - [10/Jan/2007:21:12:19 -0600] "POST /scgi-bin/mailermem.cgi HTTP/1.1" 406 360 "http://www.winning-trader.com/scgi-bin/mailermem.cgi?access=377a88b223dc45e6&action=process" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)" - "-"
----------------------------------------
POST /scgi-bin/mailermem.cgi HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 410999
Content-Type: application/x-www-form-urlencoded
Cookie: trader_admin=377a88b223dc45e6
Host: www.userdomain.com
Referer: http://www.userdomain.com/scgi-bin/mailermem.cgi?access=377a88b223dc45e6&action=process
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)
mod_security-action: 406
mod_security-message: Access denied with code 406. Pattern match "[[:space:]]*(to|bcc|cc)[[:space:]]*:.*@" at ARGS_VALUES("message")

410999
access=377a88b223dc45e6&action=sendmailer&format=html&subject=Thursday%27s+Trading+Update &message= .........

I have been trying to figure out how to change the rule so they don't trigger the mod security rule, but not having much luck .... or should I remove this rule?
TIA,
Mickalo
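
The rule's match behaviour on a form like the one in the audit log, as an added example that is not part of the original post: it applies the pattern to each decoded argument value and reports which argument matches. The POST bodies are constructed samples, `ANCHORED` is a hypothetical tighter variant (not a tested mod_security rule), and case-insensitive matching is an assumption.

```python
import re
from urllib.parse import parse_qsl

# Pattern from the post; POSIX [[:space:]] is written as \s for Python's re.
# Case-insensitive evaluation is an assumption about the filter.
RULE = re.compile(r"\s*(to|bcc|cc)\s*:.*@", re.IGNORECASE)

# Hypothetical variant: the header name must follow a CR or LF, which is
# what an injected mail header needs. Not a tested mod_security rule.
ANCHORED = re.compile(r"[\r\n]\s*(to|bcc|cc)\s*:.*@", re.IGNORECASE)


def matching_args(body, pattern):
    """Return [(arg_name, matched_text)] for every decoded value the pattern
    hits, mirroring a per-argument ARGS_VALUES check."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        m = pattern.search(value)
        if m:
            hits.append((name, m.group(0)))
    return hits


# Constructed sample: an HTML newsletter whose body contains a mailto: link.
NEWSLETTER = (
    "access=PLACEHOLDER&action=sendmailer&format=html"
    "&subject=Thursday%27s+Trading+Update"
    "&message=%3Cp%3EQuestions%3F+%3Ca+href%3D%22mailto%3Asupport%40"
    "example.com%22%3EEmail+us%3C%2Fa%3E%3C%2Fp%3E"
)

# Constructed sample: a subject value carrying CRLF followed by a Bcc header.
INJECTED = "subject=Hello%0D%0ABcc%3A+someone%40example.net&message=plain+text"

if __name__ == "__main__":
    for label, body in (("newsletter", NEWSLETTER), ("injected", INJECTED)):
        print(label, "RULE    ", matching_args(body, RULE))
        print(label, "ANCHORED", matching_args(body, ANCHORED))
```

Because `[[:space:]]*` can match nothing and the pattern is unanchored, the `to:` inside `mailto:` followed by any `@` is enough to match, so any HTML message with an e-mail link is blocked.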









