| Author |
|
eschaefera
Joined: 06 Apr 2010
Posts: 5
|
 Posted: Tue 06 Apr '10 3:27 Post subject: mod_security.... |
 |
|
I'll need to execute an .asp page with this code:
Response.AddHeader "Content-Type", "application/pdf"
Response.AddHeader "Content-Disposition", + method + ";filename=" + docname
Response.BinaryWrite(data)
Response.End()
%>
but the reverse proxy prevent the execution, problem with the "content-type"....say "access forbidden"
in my configuration I'll have this:
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"
What i'll need to do to fix this..?
thanks. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 06 Apr '10 4:54 Post subject: |
|
|
No guarantee
have you tried adding
|^application/pdf to the content types allowed?
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data|^application/pdf;)"
These seem like input filters to me but I'm not very good with the rules.
If mod_security is stopping it, there should be something in the error log with the line number of the rule in the config file causing the problem. |
|
| Back to top |
|
eschaefera
Joined: 06 Apr 2010
Posts: 5
|
| Posted: Tue 06 Apr '10 6:31 Post subject: |
|
|
I'll get this error now:
Mon Apr 05 23:28:12 2010] [error] [client 192.168.1.72] mod_security: Access denied with code 403. Pattern match "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^application/pdf;)" at HEADER("Content-Type") [hostname "apache.isocraft.com"] [uri "/cal/create.asp?name=retiro.pdf&method=attachment"] |
|
| Back to top |
|
eschaefera
Joined: 06 Apr 2010
Posts: 5
|
| Posted: Tue 06 Apr '10 6:52 Post subject: |
|
|
I'll see.... the problem is the reverse stop this:
"/cal/create.asp?name=retiro.pdf&method=attachment"
What would I need to add on my configuration so that "mod_security" permits to execute the .asp pages with this arguments.
thanks in advance. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 06 Apr '10 7:37 Post subject: |
|
|
my line:
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data|^application/pdf;)"
your line:
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^application/pdf;)"
notice the red semi-colon |
|
| Back to top |
|
eschaefera
Joined: 06 Apr 2010
Posts: 5
|
| Posted: Tue 06 Apr '10 8:21 Post subject: |
|
|
ok..sorry.. i'll fix it; still the same problem
[Tue Apr 06 01:16:53 2010] [error] [client 192.168.1.72] mod_security: Access denied with code 403. Pattern match "!(^application/x-www-form-urlencoded$|^multipart/form-data|^application/pdf;)" at HEADER("Content-Type") [hostname "apache.isocraft.com"] [uri "/cal/create.asp?name=retiro.pdf&method=attachment"] |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
|
| Back to top |
|
eschaefera
Joined: 06 Apr 2010
Posts: 5
|
| Posted: Wed 07 Apr '10 16:36 Post subject: |
|
|
| ok..thanks for you help |
|
| Back to top |
|
