headers
Ivan Ristic | 2 Sep 18:01
Picon

Re: [question] console.conf

It was originally designed to control the console (as in stop,
restart, reload, etc). I don't think it is used any more, though.

On Tue, Sep 2, 2008 at 2:13 PM, Samuel Salson <samuel.salson <at> midian.fr> wrote:
> hello all,
>
> I have this in my console.conf
>
> <Service remoteControl
> com.thinkingstone.juggler.components.XmlRpcRemoteControlService>
>        Property port "8887"
>        Property adminNetwork "127.0.0.1"
>        Property password "relgguj"
>
> what is it ?
>
> thanks
>
> samuel.
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
(Continue reading)

Permalink | Reply |
headers
Samuel Salson | 2 Sep 18:20
Picon

Re: [question] console.conf

OK thanks Ivan

Ivan Ristic a écrit :
> It was originally designed to control the console (as in stop,
> restart, reload, etc). I don't think it is used any more, though.
>
> On Tue, Sep 2, 2008 at 2:13 PM, Samuel Salson <samuel.salson <at> midian.fr> wrote:
>   
>> hello all,
>>
>> I have this in my console.conf
>>
>> <Service remoteControl
>> com.thinkingstone.juggler.components.XmlRpcRemoteControlService>
>>        Property port "8887"
>>        Property adminNetwork "127.0.0.1"
>>        Property password "relgguj"
>>
>> what is it ?
>>
>> thanks
>>
>> samuel.
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
(Continue reading)

Permalink | Reply |
headers
Denver Prophit Jr | 2 Sep 23:08

mod-sec cpanel 2.14

The problem:

Access denied with code 406 (phase 2). Pattern match
"\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:topic. [id "950107"] [msg "URL
Encoding Abuse Attack Attempt"] [severity "WARNING"]

/lounge/index.php?topic=224.msg%25msg_id%25 HTTP/1.1

--3ed49e0f-A-- [02/Sep/2008:13:56:11 --0400] b21XNkPh8MAAAA3JRCkAAAAA
66.249.71.103 43051 67.225.240.251 80 --3ed49e0f-B-- GET
/lounge/index.php?topic=269.msg%msg_id% HTTP/1.1 Host:
oscommerceuniversity.com Connection: Keep-alive Accept: */* From:
googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html) Accept-Encoding: gzip,deflate

How can we modify this rule to allow googlebot?

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Permalink | Reply |
headers
Christian Bockermann | 2 Sep 23:50

Re: mod-sec cpanel 2.14

You could of course disable that rule for a specific URL.

Moreover I would suggest to closely looking at the application: Does it
really want to present a URL like this?

       /lounge/index.php?topic=224.msg%msg_id%

This somehow looks as if a variable "msg_id" in some scripting  
language did
not get evaluated. I'm not familiar with cpanel, but from experiences  
in web
application development, this looks weird to me.

Otherwise, you would need to exclude the parameter "topic" for this  
specific
url from the rule 950107.

Regards,
     Chris

Am 02.09.2008 um 23:08 schrieb Denver Prophit Jr:

> The problem:
>
> Access denied with code 406 (phase 2). Pattern match
> "\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:topic. [id "950107"]  
> [msg "URL
> Encoding Abuse Attack Attempt"] [severity "WARNING"]
>
> /lounge/index.php?topic=224.msg%25msg_id%25 HTTP/1.1
(Continue reading)

Permalink | Reply |

Gmane