Le Friday 06 August 2010 09:00:12 Tomas Kuliavas, vous avez écrit : > 2010.08.05 18:48 Laurent HENRY rašė: > > Hello, > > I try to make squirrelmail 1.4.21 and modsecurity2 work together. > > > > I am triggering a false positive while trying to send a mail. > > > > ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" > > against "MULTIPART_UNMATCHED_BOUNDARY" required. > > [file "/etc/apache2/conf.d/mod_security2.conf"] [line "59"] [msg > > "Multipart > > parser detected a possible unmatched boundary."] [hostname > > "sepik.ehess.fr"] > > [uri "/mailnew/src/compose.php"] [unique_id "TFpfJ38AAAIAAHIKYZ0AAAAK"] > > > > > > Googling around this i find similar with Horde: > > http://comments.gmane.org/gmane.comp.apache.mod-security.user/6171 > > > > Does anyone have find any good solution ? > > Disable mod_security for src/compose.php or entire SquirrelMail. > > SquirrelMail is webmail. Its compose form can trigger false positives in > mod_security or other filters that try to catch PHP mail() form exploits. > In webmail posted email body can contain anything. Including things that > look like PHP mail() form exploit. Well, thanks, i thought about it. BTW, it is a radical workaround ! i don't know how to disable an apache module inside a single vhost or a directory ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
