Bug 203972 - Possible small mistake in one of the default filters
Possible small mistake in one of the default filters
Product: Fedora
Classification: Fedora
Component: mod_security (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Michael Fleming
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2006-08-24 15:07 EDT by Raoul
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-09-03 02:44:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Raoul 2006-08-24 15:07:29 EDT
Description of problem:

The /etc/httpd/conf.d/mod_security.conf config file contains the following
filter chain:

    SecFilterSelective REQUEST_METHOD "!^GET$" chain
    SecFilterSelective HTTP_Content-Type

After some tests, it seems that the $ trailing character in
'''^application/x-www-form-urlencoded$''' results in false positive matches in
the case that the "Content-Type" HTTP header is for example:

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

So, i believe that the filter should include:


instead of :


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Michael Fleming 2006-09-03 02:44:22 EDT
Fixed in FC6/devel, will backport time permitting (and that our users haven't
already changed it / put in custom rules etc. that do the same/better job)

Note You need to log in before you can comment on or make changes to this bug.