On Fri 6 Aug 2010 19:40, Tomas Kuliavas wrote:
> 2010.08.06 11:22 Laurent HENRY wrote:
>> On Friday 06 August 2010 09:00:12 Tomas Kuliavas, you wrote:
>>> 2010.08.05 18:48 Laurent HENRY wrote:
>>> > Hello,
>>> > I am trying to make squirrelmail 1.4.21 and modsecurity2 work together.
>>> >
>>> > I am triggering a false positive while trying to send a mail.
>>> >
>>> > ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0"
>>> > against "MULTIPART_UNMATCHED_BOUNDARY" required.
>>> > [file "/etc/apache2/conf.d/mod_security2.conf"] [line "59"]
>>> > [msg "Multipart parser detected a possible unmatched boundary."]
>>> > [hostname "sepik.ehess.fr"]
>>> > [uri "/mailnew/src/compose.php"] [unique_id "TFpfJ38AAAIAAHIKYZ0AAAAK"]
>>> >
>>> >
>>> > Googling around this I find something similar with Horde:
>>> > http://comments.gmane.org/gmane.comp.apache.mod-security.user/6171
>>> >
>>> > Has anyone found a good solution?
>>>
>>> Disable mod_security for src/compose.php or entire SquirrelMail.
>>>
>>> SquirrelMail is webmail. Its compose form can trigger false positives in
>>> mod_security or other filters that try to catch PHP mail() form exploits.
>>> In webmail posted email body can contain anything. Including things that
>>> look like PHP mail() form exploit.
>>
>> Well, thanks, I thought about it.
>>
>> BTW, it is a radical workaround!
>>
>> I don't know how to disable an apache module inside a single vhost or a
>> directory
>
> I don't use mod_security. If I understand documentation correctly,
> "SecRuleEngine DetectionOnly" in <directory> or virtual host section
> disables mod_security for selected vhost or directory.
>
> http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/html-multipage/configuration-directives.html#N10B39
>
> SecRuleEngine
> * Description: Configures the rules engine.
> * Syntax: SecRuleEngine On|Off|DetectionOnly
> * Processing Phase: Any
> * Scope: Any
>
> Possible values are:
> * On - process rules.
> * Off - do not process rules.
> * DetectionOnly - process rules but never intercept transactions, even
>   when rules are configured to do so.
>
>
> Maybe mod_security people can offer better solution or you forgot to
> update mod_security rules and triggered some old ruleset bug.
>
> --
> Tomas
>

Yes, SecRuleEngine DetectionOnly in the squirrelmail vhost permits me to compose.

I am a bit surprised no one uses modsecurity2 and squirrelmail at the same time.

Thank you very much Tomas!
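
The following is an added example, not part of the original thread or of the SquirrelMail or ModSecurity projects: it scopes the workaround discussed above to the compose form only, so the rest of the vhost keeps blocking. The hostname and URI come from the log line in the thread; the `*:80` listener and the commented `SecRuleRemoveByMsg` alternative are assumptions that nobody in the thread tested.

```apache
# Added example. ServerName and the compose.php URI are taken from the
# ModSecurity log line quoted in the thread; the *:80 listener is an assumption.
<VirtualHost *:80>
    ServerName sepik.ehess.fr

    # Keep the rule engine blocking for everything else in this vhost.
    SecRuleEngine On

    # The denied request was stopped in phase 2, which runs after Apache has
    # merged per-location configuration, so a location-scoped override applies.
    <LocationMatch "^/mailnew/src/compose\.php$">
        # Option A (the setting confirmed in the thread, narrowed to one URI):
        # rules are still evaluated and logged, but never intercept.
        SecRuleEngine DetectionOnly

        # Option B (assumption, narrower): leave the engine On here and drop
        # only the rule that fired, matched by its msg text from the log.
        # Use instead of Option A, not together with it.
        # SecRuleEngine On
        # SecRuleRemoveByMsg "Multipart parser detected a possible unmatched boundary"
    </LocationMatch>
</VirtualHost>
```

With Option A the multipart match is still logged for `compose.php`, so the false positive stays visible for later rule tuning while message sending works.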