[Modsecurity] Formmail

Rob Shakir rob at catalyst2.net
Wed Apr 5 15:42:42 EDT 2006



Mike Cardwell wrote:
> I could understand rules that blocked calls to .*/formmail.(pl|cgi|php)
> that contained newline characters in the subject/from parameters for
> example, but outright blocking of any uri that matches .*/formmail.pl
> seems like overkill to me.

I agree that this does seem to be a little overkill - the rule seems to
be a little too general. It is true that there are problems with
formmail scripts, but it is not a problem with _all_ formmail scripts,
on all hosting platforms.

Perhaps the question is actually whether a rule of this nature should
be removed from the general distribution, or removed by the server
administrator? This really depends on the reach of the rules - to be "on
the safe side" it should probably be left in, and removed by an
administrator who feels that their setup is formmail-safe.

Just my £0.02.

Rob

--
Rob Shakir - <rob at catalyst2.net>
Technical Manager - Catalyst2 Services Ltd.
PGP Key ID: 0xC07E6DEB / RIPE: RJS-RIPE
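As an added illustration (not part of the thread, and not the ModSecurity rule set itself), the two approaches discussed above expressed as plain Python check functions: the broad "block any formmail.pl URI" rule beside the narrower "formmail.(pl|cgi|php) with a newline in subject/from" rule Mike suggested, run over constructed requests.

```python
"""Broad vs. narrow matching for the formmail rule discussed in the thread.

Constructed example; the request samples below are made up for the test.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Broad rule from the thread: any request-target ending in formmail.pl.
BROAD_URI_RE = re.compile(r".*/formmail\.pl$", re.IGNORECASE)

# Narrow rule: formmail.(pl|cgi|php) AND a newline in the parameters that
# end up in mail headers. Rough ModSecurity 2.x equivalent (illustrative):
#   SecRule REQUEST_URI "@rx /formmail\.(pl|cgi|php)$" "chain,deny,id:PLACEHOLDER"
#   SecRule ARGS:subject|ARGS:from "@rx [\r\n]"
FORMMAIL_RE = re.compile(r".*/formmail\.(pl|cgi|php)$", re.IGNORECASE)
HEADER_PARAMS = ("subject", "from")
# Decoded CR/LF, or a still-encoded one left behind by double encoding.
NEWLINE_RE = re.compile(r"[\r\n]|%0[aAdD]")


def broad_rule(method, target, body=""):
    """True if the request would be blocked by the URI-only rule."""
    return bool(BROAD_URI_RE.match(urlsplit(target).path))


def narrow_rule(method, target, body=""):
    """True only for a formmail URI whose subject/from carries a newline."""
    parts = urlsplit(target)
    if not FORMMAIL_RE.match(parts.path):
        return False
    # Merge query and form-body parameters, like ModSecurity's ARGS.
    args = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for name, values in parse_qs(body, keep_blank_values=True).items():
            args.setdefault(name, []).extend(values)
    return any(NEWLINE_RE.search(v)
               for name in HEADER_PARAMS for v in args.get(name, []))


# Constructed sample requests: (method, request-target, body)
SAMPLE_REQUESTS = [
    ("POST", "/cgi-bin/formmail.pl", "from=alice%40example.com&subject=Hello&message=Hi"),
    ("POST", "/cgi-bin/formmail.pl", "from=alice%40example.com%0AX-Injected%3A+1&subject=Hi"),
    ("GET", "/forms/formmail.php?subject=Quote%0D%0AX-Injected%3A+1&from=bob%40example.com", ""),
    ("GET", "/help/formmail.pl", ""),  # a help page with no parameters at all
]


def evaluate(requests):
    """Return ([broad verdicts], [narrow verdicts]) for a list of requests."""
    return ([broad_rule(*r) for r in requests], [narrow_rule(*r) for r in requests])


if __name__ == "__main__":
    for (method, target, _), b, n in zip(SAMPLE_REQUESTS, *evaluate(SAMPLE_REQUESTS)):
        print(f"{method} {target[:48]:<48} broad={b!s:<5} narrow={n}")
```

The first and last samples show the false positives the broad rule produces on a legitimate submission and a plain page, while the third shows a formmail.php request the broad rule misses but the narrow rule catches.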

