[Owasp-modsecurity-core-rule-set] restricted extensions
James Muse
jfmtopnettlc at gmail.com
Tue May 25 11:25:47 EDT 2010
Moderator,
I am having an issue with the restricted_extensions variable and core rule
file modsecurity_crs_30_http_policy.conf line 87. One of my applications
uses the file extension .do and there appears to be a .dos in the
restricted extensions list.. The audit log shows the extension as [data
".do"] do is not in the restricted_extension list .dos is. When I remove
.dos from the restricted extensions I no longer have this issue. May be I
don't understand the within operator but do is no the same as dos. Is there
a bug here or am I doing something wrong? I think I would like to keep dos
and an extension I would like to block but it appears to be causing and
issue with my application which uses .do
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20100525/7e07483c/attachment.html
More information about the Owasp-modsecurity-core-rule-set
mailing list