Hallo, Arthur, Du meintest am 03.12.09: > Does anyone else here use Mod_Security on their web server? Yes - me. Without any problem. > Since upgrading Mod_Security I now find that I am able to access SM > as normal, but clicking on any message or folder results in the error > "Forbidden You don't have permission to access > /webmail/src/right_main.php on this server." > I'm aware that this is not a SM problem, but I am posting here in > case anyone has already solved this problem (I have posted a similar > thread on the Mod_Sec CRS list). > I am running SM on a Fedora 11 machine using the Fedora package > SquirrelMail 1.4.19-2.fc11. > Here is an extract from the modsec_audit.log file: > --22f31753-H-- > Message: Pattern match > "([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@>\-\|])(\s*return\s*)? > (?:join|pop|push|reverse|reduce|concat|map|shift|sp?lice|sort|unshift > )(?(1)[^\w%"]|(?:\s*[^@\s\w%,.+\-]))" at REQUEST_URI_RAW. Strange. That looks like a Fedora problem, no squirrelmail problem or modsec problem. That rule may work somehow, but it isn't readable. Viele Gruesse! Helmut ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
