Hide Forgot
Description of problem: Mod Security blocks any request by a machine requesting download content of any 'curl' RPM. getenforce = 1 enabled httpd_sys_content_t:s0 Version-Release number of selected component (if applicable): EL6.0 mod_security-2.5.12-2.el6.i686 / x86_64 httpd-2.2.15-5.el6.x86_64 /i686 How reproducible: Any Apache server with mod_security-2.5.12-2.el6.i686 / x86_64 installed. Steps to Reproduce: 1. Instal mod_security 2. SELinux Enabled 3. put the offending rpm into /var/www/html/$repo 4. Request the file Actual results: The download gets blocked Expected results: It should not block rpm content of this nature. A false positive? Additional info:
Created attachment 549231 [details] mod_sec_block mod_sec_log of request blockage.
Cross Link BZ: https://www.modsecurity.org/tracker/browse/CORERULES-78
Can you check if this issue is still reproducible with the latest mod_security and mod_security_crs from epel-testing.
Please see: https://www.modsecurity.org/tracker/browse/CORERULES-78 I will confirm the package in the EPEL Repo as soon as possible. Thanks
Hi John, I have a standard account in modsecurity jira which can not access to the report you posted: Error message: It seems that you have tried to perform an operation which you are not permitted to perform.
Any update on this issue ? Thanks in advance.
As far as I know this was fixed two years ago. The report on modsecs sight is no longer accessible either. ----- Simple test for fix: create a site in httpd and place the curl.rpm into the directory tree and if it downloads it is fixed if not it is still broken
Thanks for your input.