Bug 203972
| Summary: | Possible small mistake in one of the default filters | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Raoul <xraoul> |
| Component: | mod_security | Assignee: | Michael Fleming <mfleming+rpm> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5 | CC: | extras-qa |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-09-03 06:44:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in FC6/devel, will backport time permitting (and that our users haven't already changed it / put in custom rules etc. that do the same/better job) |
Description of problem: The /etc/httpd/conf.d/mod_security.conf config file contains the following filter chain: SecFilterSelective REQUEST_METHOD "!^GET$" chain SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" After some tests, it seems that the $ trailing character in '''^application/x-www-form-urlencoded$''' results in false positive matches in the case that the "Content-Type" HTTP header is for example: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 So, i believe that the filter should include: ^application/x-www-form-urlencoded instead of : ^application/x-www-form-urlencoded$ Version-Release number of selected component (if applicable): 1.9.4-1.fc5 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: