
mod_security rules help - block external mailer script

Discussion in 'Security' started by jeroman8, Jun 19, 2007.

  1. jeroman8


    I'm trying to block the following command/address so it can't be run, but without blocking
    too much, so that OK commands can still be run.


    In mod_security I have added this:

    SecFilterSelective THE_REQUEST "=http//"
    SecFilterSelective THE_REQUEST "d=http"
    SecFilterSelective THE_REQUEST "admin_events.php?CONFIG_EXT"
    SecFilterSelective THE_REQUEST "inc_dir=http"
    SecFilter "admin_events.php?CONFIG_EXT"
    SecFilter "d=http"
    SecFilter "inc_dir=http"

    The strange thing is that if I manually add, for example, in the address field:


    //Then I get forbidden, mod_sec blocks it.
    But none of the above rules work when it's in the address as above/top - something
    makes a difference in that URL, because the page is viewable and you can send email.
    It's a mailer script being loaded from another server.

    Even if I chmod 000 the admin_events.php - I can load the page !!
    I guess it's because it's really not the file you're loading, it's the external file but
    hm... it should be forbidden anyway I think.

    But the rules - does anyone know how to block it all right?
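
Added example, not part of the original post: SecFilter and SecFilterSelective keywords are regular expressions, so this sketch runs the posted patterns over constructed request lines to show which rules would fire, including on a harmless request. Python's `re` stands in for Apache's regex engine, and the sample URLs, hosts and the escaped variant are assumptions.

```python
import re

# Patterns copied from the post. SecFilter keywords are regular expressions,
# so "?" and "." are metacharacters here, not literal characters.
POSTED = [
    "=http//",
    "d=http",
    "admin_events.php?CONFIG_EXT",
    "inc_dir=http",
]

# Hypothetical variant with the metacharacters escaped (not from the post).
ESCAPED = r"admin_events\.php\?CONFIG_EXT"

# Constructed request lines; hosts and parameter values are placeholders.
SAMPLES = {
    "remote_include": "GET /admin_events.php?CONFIG_EXT=http://remote.example/m.txt HTTP/1.1",
    "inc_dir": "GET /page.php?inc_dir=http://remote.example/ HTTP/1.1",
    "benign_id": "GET /status.php?id=http_errors HTTP/1.1",
    "benign_page": "GET /index.php?page=home HTTP/1.1",
}

def fires(pattern, request_line):
    """True if the pattern matches anywhere in the request line."""
    return re.search(pattern, request_line) is not None

def matching_patterns(request_line, patterns=POSTED):
    """Return the patterns that match the request line, in rule order."""
    return [p for p in patterns if fires(p, request_line)]

def report(samples=SAMPLES, patterns=POSTED):
    """Map each sample name to the list of patterns that would fire on it."""
    return {name: matching_patterns(line, patterns) for name, line in samples.items()}

if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:15} -> {hits or 'no match'}")
    print("escaped variant on remote_include:",
          fires(ESCAPED, SAMPLES["remote_include"]))
```

In the unescaped pattern, `php?` means "ph" followed by an optional "p", so it never consumes a literal question mark, while `d=http` fires on any parameter whose name ends in "d" and whose value starts with "http".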
