Re: protecting against exploiting mail forms
Hello Luc,
Saturday, November 19, 2005, 19:32:47, Luc Stroobant wrote:
LS> SecFilter "To\:"
LS> SecFilter "to\:"
LS> SecFilter "From\:"
LS> SecFilter "from\:"
LS> SecFilter "Cc\:"
LS> SecFilter "cc\:"
LS> SecFilter "Bcc\:"
LS> SecFilter "bcc\:"
These break a lot of other scripts (including webmail). They match, for
example, the text "mailto:something" and many others. I have modified them
by prepending "\n" to each of these and for now it seems OK.
But I had to enable SecFilterScanPOST and it breaks some more
things... Do you know what this error means?
Error: chunked Transfer-Encoding forbidden: /chat/f_upload.php
mod_security-message: Access denied with code 500. ap_setup_client_block failed with 411
It seems like a file upload from a mobile phone, but I don't know why
it failed.
LS> (but you should try to secure the forms first of course!)
My forms are secure :) but I can't test forms of all our
customers...
--
bYE, Marki
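
The false positive described in the message above, and the effect of prepending "\n" to each pattern, as an added example that is not part of the original message. Python's `re` module stands in for mod_security's matcher here (an assumption), and all sample form values are constructed.

```python
import re
from urllib.parse import unquote_plus

# Header names taken from the quoted SecFilter lines.
HEADERS = ("To", "to", "From", "from", "Cc", "cc", "Bcc", "bcc")

# Original rules: the header name followed by ":" may match anywhere.
UNANCHORED = [re.compile(h + r"\:") for h in HEADERS]
# Modified rules as described in the reply: "\n" prepended to each pattern.
ANCHORED = [re.compile(r"\n" + h + r"\:") for h in HEADERS]


def blocked(rules, raw_value):
    """Return True if any rule matches the URL-decoded form value."""
    value = unquote_plus(raw_value)
    return any(rule.search(value) for rule in rules)


# Constructed, URL-encoded form field values (not from the thread).
SAMPLES = {
    # Legitimate content that merely contains "to:" as a substring.
    "webmail_link": "Contact+us+at+mailto%3Ainfo%40example.com",
    "plain_text": "Send+it+to%3A+the+office",
    # A field value carrying an extra mail header on a new line.
    "lf_header": "visitor%40example.com%0ABcc%3A+list%40example.net",
    "crlf_header": "visitor%40example.com%0D%0ACc%3A+list%40example.net",
}


def evaluate():
    """Map sample name -> (blocked by original rules, blocked by "\\n" rules)."""
    return {
        name: (blocked(UNANCHORED, value), blocked(ANCHORED, value))
        for name, value in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (orig, anchored) in evaluate().items():
        print(f"{name:14} original={orig!s:5} with-newline={anchored}")
```

The newline-prefixed patterns only see the request body when POST scanning is enabled, which is why the change goes together with SecFilterScanPOST.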