general mod_security related issues...
I'm running vBulletin and a couple other scripts and using the following mod_security ruleset:
Code:
<IfModule mod_security.c>
    SecFilterEngine On
    #SecFilterSelective REMOTE_ADDR ^MYIP$ nolog,allow
    # below I was watching the logs as I triggered things, but allowed anyway...
    #SecFilterSelective REMOTE_ADDR ^MYIP$ allow
    SecFilterCheckURLEncoding On
    SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog /usr/home/WEBLOGS/modsec_audit_log
    SecFilterDebugLog /usr/home/WEBLOGS/modsec_debug_log
    SecFilterDebugLevel 0
    SecFilterScanPOST On
    SecFilterDefaultAction "deny,log,status:406"

    SecFilter /bup/
    SecFilter /boot
    SecFilter /dev
    SecFilter /etc
    SecFilter /initrd
    SecFilter /lib
    SecFilter /lost+found
    #SecFilter /misc
    SecFilter /mnt
    SecFilter /proc
    SecFilter /root
    SecFilter /sbin
    SecFilter /scripts
    SecFilter /tmp
    SecFilter /usr/local/apache
    SecFilter /usr/local/cpanel
    SecFilter /usr/local/mysql
    SecFilter /var

    SecFilter /boot/
    SecFilter /dev/
    SecFilter /etc/
    SecFilter /initrd/
    SecFilter /lib/
    SecFilter /lost+found/
    #SecFilter /misc/
    SecFilter /mnt/
    SecFilter /proc/
    SecFilter /root/
    SecFilter /sbin/
    SecFilter /scripts/
    SecFilter /tmp/
    SecFilter /usr/local/apache/
    SecFilter /usr/local/cpanel/
    SecFilter /usr/local/mysql/
    SecFilter /var/

    SecFilter /bin/cc
    SecFilter /bin/gcc

    SecFilter "<[[:space:]]*script"
    #SecFilter "<(.|\n)+>"
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
</IfModule>
Upon posting a message it triggered the following:
Code:
Access denied with code 406. Pattern match "<(.|\\n)+>" at POST_PAYLOAD
What kind of attacks would you be subject to with that uncommented?
What about with /misc and /misc/ uncommented?
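
An added example, not part of the original post: a small Python harness for triaging false positives such as the 406 above, by running a subset of the posted patterns over constructed forum-post bodies. It assumes the patterns are matched unanchored and case-insensitively against the POST body, and writes `[[:space:]]` as `\s` because Python's `re` has no POSIX character classes; `RULES`, `SAMPLES` and `matching_rules` are names chosen for this example.

```python
import re

# (rule text as posted, Python translation of the pattern).
# Assumption: [[:space:]] is translated to \s for Python's re module.
RULES = [
    (r'<[[:space:]]*script',    r'<\s*script'),
    (r'<(.|\n)+>',              r'<(.|\n)+>'),      # commented out in the post
    (r'delete[[:space:]]+from', r'delete\s+from'),
    (r'insert[[:space:]]+into', r'insert\s+into'),
    (r'select.+from',           r'select.+from'),
    ('/etc',  r'/etc'),
    ('/tmp',  r'/tmp'),
    ('/var',  r'/var'),
    ('/misc', r'/misc'),                            # commented out in the post
]


def matching_rules(payload):
    """Return the posted rule texts whose pattern occurs anywhere in payload.

    Assumption: unanchored, case-insensitive search over the whole body.
    """
    return [name for name, pattern in RULES
            if re.search(pattern, payload, re.IGNORECASE)]


# Constructed forum-post bodies (not taken from any real log).
SAMPLES = [
    "Use x < 10 and y > 2 in the loop",
    "<b>thanks</b>, that fixed it",
    "Please select a theme from the list",
    "Notes are at http://example.com/misc/faq, copy them to /tmp",
    "Thanks, that fixed it.",
]

if __name__ == "__main__":
    for body in SAMPLES:
        hits = matching_rules(body)
        verdict = "DENY 406" if hits else "allow"
        print(f"{verdict:8}  {body!r}  ->  {hits}")
```

Every sample here is ordinary forum text, so each hit is a rule that would block a legitimate post under the `deny,log,status:406` default action.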