Mod Security: The receiving end of your own joke.

Started by Gregg, November 18, 2008, 10:38:54 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Gregg

November 18, 2008, 10:38:54 AM Last Edit: November 18, 2008, 10:41:11 AM by glsmith
I've gone through my mod security core rules and changed most deny status codes to some of the undefined numbers. I have special error documents configured for them which Apache happily serves.

I was updating some records on a mysql database and was having no problems till this one record. All I'd get when I tried to edit it was a blank frame in phpMyAdmin. After a couple tries I finally looked at the frame source for clues, that's when I saw it, just one thing showing;

<PUTZ>

I had to laugh!

mario

#1
November 20, 2008, 11:01:02 PM
Which rule caused that cool message?

Gregg

#2
November 20, 2008, 11:09:47 PM Last Edit: November 20, 2008, 11:18:12 PM by Gregg
Let's have a look;

modsecurity_crs_40_generic_attacks.conf"] [line "75"]

remember, as I said, instead of the standard 403 I've change it to 420
ErrorDoccument 420 /error/putz.html

I will say I have had many problems with Mod Security after 2.5.4, 2.5.5 or 6 I had to not use core rules period. I'm seriously thinking of moving back to 2.5.4

Aren't you up rather late? Guss not, only 11pm there

mario

#3
November 21, 2008, 10:15:22 PM
You are right, was only 10:38pm when I replied. So I guess my offset to you is 9 hrs?

Gregg

#4
November 23, 2008, 06:53:07 PM
yes, 9 hours is correct.
Print
Go Up Pages1
User actions