18 Jun 23:11
Updated to 2.5
From: Grant Peel <gpeel <at> thenetnow.com>
Subject: Updated to 2.5
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-06-18 21:12:13 GMT
Subject: Updated to 2.5
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-06-18 21:12:13 GMT
Hi all, I recently upgraded one of our servers from mod_sec 1.9 to 2.5. Since then, I have been bombarded with emails from the company that leases the server from regarding issues that their clients are seeing. Anything from OpenWebmail not being allowed to send mails, to PHP pages not beeing sent (Access Denied). I have done some troubleshooting and remarked out a number of rules, along with jacking up the allowed body response size. My question is: Is there a known set of rules that can be adjused or removed, (a list of them if you will), that allows a webserver to run in a reasonable liberal mode, while still maintaining the XSS etc protection? Any comments regarding what rules had to be adjusted will be quite welcomed. -Grant ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
RSS Feed