[Modsecurity] Actinic Callback problem
Mike Cardwell
modsecurity at blubbernet.com
Mon Apr 10 10:10:18 EDT 2006
* on the Tue, Apr 04, 2006 at 03:54:08PM +0100, Mike Cardwell wrote:
> I have a customer that is using Actinic, along with actinicsecure.com.
> During the order process actinicsecure.com does a callback to the server
> presumably to send details about the status of the credit card
> transaction. Unfortunately mod_security catches the posted data and
> blocks it. This happens *every* time. Below is the log entry:
In case anyone's interested, and for the sake of list archives, I got
around this problem with the following exclude rule:
<LocationMatch "/cgi-bin/os\d+\.pl">
SetEnvIf User-Agent "^Catalog/[\d\.]+$" MODSEC_ENABLE=Off
</LocationMatch>
It had to be done this way because the hit was being filtered before it
even got to the main body of rules, due to the POST data sent being badly
encoded.
Mike
--
Digital photo printing: http://www.fotoserve.com/
More information about the Modsecurity
mailing list