List Info

Thread: A little problem with excludes
A little problem with excludes
country flaguser name
Austria		 2007-10-11 04:28:54 

  


  

    Hi modsecurity list, 

I seem to have a little problem with the excludes

I have this in my Audit log: 


==6d394431==============================                                                       
Request: www.foo.com 127.0.0.1 - - [11/Oct/2007:09:25:57 +0200] "POST /index.php?option=com_cmsrealty&Itemid=4&openrealty=616374696f6e3d656469745f6c697374696e677326616d703b656469743d3336392661646d696e3d74727565 HTTP/1.1" 403 285 "http://www.foo.com/component/option,com_cmsrealty/Itemid,4/openrealty,616374696f6e3d656469745f6c697374696e677326616d703b656469743d3336392661646d696e3d74727565/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7" - "-"                                                   ----------------------------------------                                                       POST /index.php?option=com_cmsrealty&Itemid=4&openrealty=616374696f6e3d656469745f6c697374696e677326616d703b656469743d3336392661646d696e3d74727565 HTTP/1.1                                    Host: www.foo.com                                                               User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7                                                                                           Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 510
mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at POST_PAYLOAD [id "300015"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"]

510
action=update_listing&;edit=369&title=Altbau-Miete&pclass%5B%5D=4&;featured=no&edit_active=yes&mlsexport=no&or_owner=9&notes=&Adresse=Staudgasse&Stadt=Wien&Postleitzahl=1180&Preis=530&betr_kosten=&miete=&full_desc=Nette+Kleine+Zimmer+und+Kabinett+Wohnung%2C+Einbauk%FCche%2C+sehr+ger%E4umig%2C+Fliesenbad%2C+Toilette+Etagenheizung.Ruhelage+und+AKH+N%E4he&Zimmer=2&Badezimmer=1&year_built=1970&sq_feet=45&status=Aktiv&;home_features%5B%5D=Einbauk%FCche&home_features%5B%5D=Gasetagenheizung&home_features%5B%5D=Lift

HTTP/1.1 403 Forbidden
Content-Length: 285
Keep-Alive: timeout=15, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--6d394431--


but in excludes.conf I have added:

# cms_realty
<LocationMatch "/index.php?option=com_cmsrealty.*">
SecFilterRemove 300015
&lt;/LocationMatch>

I don't understand why this is still blocking. What am I doing wrong? 

Regards, Cristian


 
--
Cristian Livadaru



 


  

  
  
   
     
    






 [1]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )