Bug 244015
| Field | Value |
|---|---|
| Summary | mod_security false positive: /etc-directory on a documentation wiki |
| Product | [Fedora] Fedora |
| Component | mod_security |
| Version | 7 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | low |
| Reporter | Jari Turkia <redhat-bugzilla> |
| Assignee | Michael Fleming <mfleming+rpm> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | redhat-bugzilla |
| Doc Type | Bug Fix |
| Last Closed | 2007-06-19 10:19:01 UTC |

Description
Jari Turkia
2007-06-13 12:22:59 UTC
This is the correct and expected behaviour of the modsecurity Core Rules and not something specific to the package or Fedora - you might be wise to sign up for the mailing list (or at least check the archives) at www.modsecurity.org.

The app passed "/etc" as an ARG, which tripped up rule 005 in modsecurity_crs_40_generic_attacks.conf.

You can add the following at a <Directory> level in your Apache config to stop this for your wiki location (without disabling it globally and still catching any bogus traffic..)

```
<Directory "/path/to/mediawiki">
    SecRuleEngine DetectionOnly
    # or RelevantOnly
    SecAuditEngine Off
</Directory>
```

You could comment the rule in modsecurity_crs_40_generic_attacks.conf, at a loss of some protection all around (not advisable ;-))
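
A narrower alternative to the per-directory DetectionOnly setting above, added here as an example and not part of the bug report or the package: remove only the rule that misfires for the wiki path and keep the rest of the Core Rules blocking there. It assumes the offending rule carries an id; `000000` is a placeholder to be replaced with the id shown in the log entry for the blocked request.

```apache
<Directory "/path/to/mediawiki">
    # Keep the engine in blocking mode for this location.
    SecRuleEngine On
    # Log transactions that trigger a rule so other hits stay visible.
    SecAuditEngine RelevantOnly
    # Placeholder id (assumption): replace 000000 with the id of the rule
    # that matched "/etc" in the request argument.
    SecRuleRemoveById 000000
</Directory>
```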