2010.08.06 11:22 Laurent HENRY wrote:
> On Friday 06 August 2010 09:00:12 Tomas Kuliavas, you wrote:
>> 2010.08.05 18:48 Laurent HENRY wrote:
>> > Hello,
>> > I am trying to make squirrelmail 1.4.21 and modsecurity2 work together.
>> >
>> > I am triggering a false positive while trying to send a mail.
>> >
>> > ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0"
>> > against "MULTIPART_UNMATCHED_BOUNDARY" required.
>> > [file "/etc/apache2/conf.d/mod_security2.conf"] [line "59"]
>> > [msg "Multipart parser detected a possible unmatched boundary."]
>> > [hostname "sepik.ehess.fr"]
>> > [uri "/mailnew/src/compose.php"] [unique_id "TFpfJ38AAAIAAHIKYZ0AAAAK"]
>> >
>> >
>> > Googling around this, I find something similar with Horde:
>> > http://comments.gmane.org/gmane.comp.apache.mod-security.user/6171
>> >
>> > Has anyone found a good solution?
>>
>> Disable mod_security for src/compose.php or entire SquirrelMail.
>>
>> SquirrelMail is webmail. Its compose form can trigger false positives in
>> mod_security or other filters that try to catch PHP mail() form exploits.
>> In webmail, the posted email body can contain anything, including things
>> that look like a PHP mail() form exploit.
>
> Well, thanks, I thought about it.
>
> BTW, it is a radical workaround!
>
> I don't know how to disable an Apache module inside a single vhost or a
> directory.

I don't use mod_security. If I understand the documentation correctly,
"SecRuleEngine DetectionOnly" in a <directory> or virtual host section
disables mod_security for the selected vhost or directory.

http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/html-multipage/configuration-directives.html#N10B39

SecRuleEngine

  * Description: Configures the rules engine.
  * Syntax: SecRuleEngine On|Off|DetectionOnly
  * Processing Phase: Any
  * Scope: Any

Possible values are:

  * On - process rules.
  * Off - do not process rules.
  * DetectionOnly - process rules but never intercept transactions, even
    when rules are configured to do so.

Maybe the mod_security people can offer a better solution, or you forgot to
update the mod_security rules and triggered some old ruleset bug.

-- 
Tomas
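
An added example, not part of the thread and not taken from either poster's configuration: a fragment that scopes `SecRuleEngine DetectionOnly` to the compose URI from the quoted log line while the engine stays on everywhere else. It assumes ModSecurity 2.x loaded as `security2_module` and the path `/mailnew/src/compose.php` as it appears in the error message.

```apache
# Added example (assumptions: ModSecurity 2.x, Apache 2.x, and the URI taken
# from the log line in the thread). Place inside the affected virtual host.
<IfModule security2_module>
    # Default for the whole vhost: evaluate rules and block on a match.
    SecRuleEngine On

    # SquirrelMail compose handler only: rules are still evaluated and
    # matches are still written to the log, but the request is not denied.
    # The rule that fired in the thread runs in phase 2, where per-location
    # settings apply. Phase 1 rules in ModSecurity 2.x run before Apache
    # resolves Location scopes, so this override does not reach them.
    <LocationMatch "^/mailnew/src/compose\.php$">
        SecRuleEngine DetectionOnly
    </LocationMatch>
</IfModule>
```

With this scope the multipart boundary check keeps blocking on every other URI, and matches on the compose form remain visible in the error log for later rule tuning.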