[Modsecurity] Page blocked by miscoding in sugarcrm
Steve Cox
Steve.Cox at mergermarket.com
Thu Jun 22 05:10:24 EDT 2006
It's pretty much the standard gotroot rule-set for apache2 with a few
extra exceptions for local false positives caused when entering data
into sugarcrm. I'm running version 1.8.7 so it's a bit behind but it's
the current deb install for Ubuntu5.10.
Could you tell me how to disable modsecurity for that URL - or more
specifically, the leading part of the URL?
IE
/sugarcrm/index.php?module=Contacts&action=index&query=true
Many thanks
-----Original Message-----
From: Michael Shinn [mailto:mike at gotroot.com]
Sent: 21 June 2006 22:36
To: Steve Cox
Subject: Re: [Modsecurity] Page blocked by miscoding in sugarcrm
It's internal to modsecurity, so it's not a rule. You may have to turn
off modsec for that URL. What does your modsec config look like?
On Wed, 2006-06-21 at 11:27 +0100, Steve Cox wrote:
> Hi,
>
> I'm getting the following error in the apache error log:
>
> [Wed Jun 21 11:11:47 2006] [error] [client ww.xx.yy.zz] mod_security:
> Access denied with code 500. Error normalizing REQUEST_URI: Invalid URL
> encoding detected: invalid characters used [hostname
> "server.mysite.com"] [uri
> "/sugarcrm/index.php?module=Contacts&action=index&query=true&advanced=true&button=Search&email=%&Contacts_CONTACT_offset=-100"]
>
>
>
> The actual problem is with the php code in sugarcrm - generating the
> segment "&email=%&" rather than "&email=%25&"
>
> I'm looking to have that fixed, but in the meantime, can anybody let
> me know the rule that would cause this so I can add a temporary entry to
> exclude.conf for this URL
>
> Thanks
> Steve
>
> _______________________________________________
> Modsecurity mailing list
> Modsecurity at gotroot.com
> http://lists.gotroot.com/mailman/listinfo/modsecurity
--
Michael T. Shinn KeyID:0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com
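
As an added example (not part of the original thread, and not ModSecurity's or SugarCRM's own code), this Python checks a request URI for the defect the log reports, a `%` that is not followed by two hex digits, and shows the encoded form the application should have sent. The function names are assumptions, and the sample URI is reconstructed from the log line quoted above.

```python
import re
from urllib.parse import urlencode

# Constructed sample: the request URI from the error log quoted in the thread.
LOGGED_URI = ("/sugarcrm/index.php?module=Contacts&action=index&query=true"
              "&advanced=true&button=Search&email=%&Contacts_CONTACT_offset=-100")

# A valid percent-escape is '%' followed by exactly two hex digits.
_VALID_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def find_bad_escapes(uri):
    """Return (parameter, offset, fragment) for every malformed '%' in uri."""
    findings = []
    query_start = uri.find("?")
    for m in re.finditer("%", uri):
        i = m.start()
        if _VALID_ESCAPE.match(uri, i):
            continue
        if query_start != -1 and i > query_start:
            # Walk back to the start of the name=value pair holding this '%'.
            pair_start = max(uri.rfind("&", query_start, i), query_start) + 1
            name = uri[pair_start:i].split("=", 1)[0]
        else:
            name = "<path>"
        findings.append((name, i, uri[i:i + 3]))
    return findings


def build_search_uri(path, params):
    """Build the URI with every name and value percent-encoded."""
    return path + "?" + urlencode(params)


# The same search, with the literal '%' passed as data and encoded on output.
FIXED_URI = build_search_uri("/sugarcrm/index.php", [
    ("module", "Contacts"), ("action", "index"), ("query", "true"),
    ("advanced", "true"), ("button", "Search"), ("email", "%"),
    ("Contacts_CONTACT_offset", "-100"),
])

if __name__ == "__main__":
    for name, offset, fragment in find_bad_escapes(LOGGED_URI):
        print(f"malformed escape in {name!r} at offset {offset}: {fragment!r}")
    print("encoded form:", FIXED_URI)
    print("remaining problems:", find_bad_escapes(FIXED_URI))
```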