[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

mod_security and secfilter

Posted on 2007-03-26
2
Medium Priority
?
285 Views
Last Modified: 2009-07-29
I just install mod_security to prevent user from typing shell command in phpshell script.
I use :

Secfilter ls
Secfiler cat
Secfilter rm

then problem come when some use wanna access their php script named "catalogue.php" and using view.php?cat=1

also user of wordpress who wanna access options-permalink.php ( rm in permalink ) in the file name.

any clue or hint to solve this problem.

thanks in advance
0
Comment
Question by:hendri2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 19

Accepted Solution

by:
BrianGEFF719 earned 2000 total points
ID: 18798057
You might try something like:

SecFilterEngine On
SecFilterScanPOST On
SecFilterSelective "SCRIPT_FILENAME" "options-permalink\.php " "allow,log,status:412"
SecFilterSelective "QUERY_STRING" "cat" "allow,log,status:412"
SecFilterSelective "SCRIPT_FILENAME" "catalogue\.php" "allow,log,status:412"
0
 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 18798072
btw, that should go in your .htaccess file.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This article shows the steps required to install WordPress on Azure. Web Apps, Mobile Apps, API Apps, or Functions, in Azure all these run in an App Service plan. WordPress is no exception and requires an App Service Plan and Database to install
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question