
Re: protecting against exploiting mail forms



Hello Luc,

Saturday, November 19, 2005, 19:32:47, Luc Stroobant wrote:

LS> SecFilter "To\:"
LS> SecFilter "to\:"
LS> SecFilter "From\:"
LS> SecFilter "from\:"
LS> SecFilter "Cc\:"
LS> SecFilter "cc\:"
LS> SecFilter "Bcc\:"
LS> SecFilter "bcc\:"

  These break a lot of other scripts (including webmail). They match,
  for example, the text "mailto:something" and many others. I have
  modified them by prepending "\n" to each of these and for now it seems OK.

  But I had to enable SecFilterScanPOST and it breaks some more
  things... Do you know what this error means?

Error: chunked Transfer-Encoding forbidden: /chat/f_upload.php
mod_security-message: Access denied with code 500. ap_setup_client_block failed with 411

  It seems like a file upload from a mobile phone, but I don't know why
  it failed.

LS> (but you should try to secure the forms first of course!)

  My forms are secure :) but I can't test forms of all our
  customers...


-- 
  bYE, Marki
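
The false positive discussed in this message, reproduced as an added example (not part of the original post, and not mod_security itself): Python's `re` stands in for the filter's regex matching, the sample values are constructed, and the `MERGED` pattern is an illustrative assumption rather than something proposed in the thread.

```python
import re

# Patterns exactly as quoted in the thread (one per case variant).
QUOTED = (r"To\:", r"to\:", r"From\:", r"from\:",
          r"Cc\:", r"cc\:", r"Bcc\:", r"bcc\:")
UNANCHORED = [re.compile(p) for p in QUOTED]

# The reply's modification: "\n" prepended to each pattern, so a header
# name only matches when it starts a new line.
NEWLINE_PREFIXED = [re.compile(r"\n" + p) for p in QUOTED]

# Assumption (not from the thread): the same idea as a single
# case-insensitive pattern, since mail header names are case-insensitive.
MERGED = [re.compile(r"\n(?:to|from|cc|bcc):", re.IGNORECASE)]

# Constructed form-field values, as they would look after URL decoding.
SAMPLES = {
    "mailto_link": 'Write to <a href="mailto:someone@example.com">us</a>',
    "forwarded_text": "Forwarded message:\nFrom: alice@example.com\nSee you Monday.",
    "injected_header": "visitor@example.com\nBcc: other@example.com",
    "upper_case_header": "visitor@example.com\nBCC: other@example.com",
}


def blocked(patterns, value):
    """Return True if any pattern in the rule set matches the value."""
    return any(p.search(value) for p in patterns)


def evaluate():
    """Map each sample to (unanchored, newline-prefixed, merged) verdicts."""
    return {
        name: (blocked(UNANCHORED, value),
               blocked(NEWLINE_PREFIXED, value),
               blocked(MERGED, value))
        for name, value in SAMPLES.items()
    }


if __name__ == "__main__":
    print(f"{'sample':<20}{'unanchored':<12}{'newline':<10}merged")
    for name, (plain, newline, merged) in evaluate().items():
        print(f"{name:<20}{plain!s:<12}{newline!s:<10}{merged}")
```

The `forwarded_text` row shows that the newline-prefixed form still blocks legitimate multi-line text that happens to contain a header-like line, so webmail bodies remain a place to watch for false positives.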


