[Modsecurity] false positive for domino webmail
Michael Shinn
mike at gotroot.com
Thu Nov 2 09:05:08 EST 2006
Thank you for the report. Can you send me your audit_log entries for
this false positive? I'll work on a better exception for this issue
based on your data.
On Thu, 2006-11-02 at 11:39 +0100, Cristian Manfredini wrote:
> This rule is a false positive for domino 6.5 webmail in N-20060928-01
> version of rules.conf
>
> #Generic XSS filter
> #please report false positives
> SecFilterSelective REQUEST_URI "!/mt\.cgi" chain
> SecFilter "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
>
> Other exclusion rules are:
>
> <LocationMatch "/mail">
> SecFilterRemove 300015
> SecFilterRemove 300016
> </LocationMatch>
>
--
Michael T. Shinn KeyID:0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com
More information about the Modsecurity
mailing list