Navigation

Tags

mod_security part deuxPermalink

Tuesday Jun 23, 2009

I had another runin with an overzealous mod_sec rule today.  This time I was testing some new tags on my comment form, one of which is a code block.  When inserting any perl or python code into the block, and submitting it, mod_security flags it as an attempted command injection.  When trying to post the following(either "python" or "perl"):


<div>Python Code</div>

I get a 501, method not allowed on "python" (or "perl")

[data ";\x22>python"]

The culrpit is a pretty simple rule in modsecurity_crs_40_generic_attacks.conf, id 950006


...p(?:asswd|ython|erl|ing|s)...

Deleting "ython|erl|" was enough for me to solve that little issue.  I don't run any python or perl scripts on my server so it's not a terirble inconvenience for me to disable checking for those injection attempts, though if you do run those scripts, you may want to find another way to handle it.

Posted by Brandon
Filed under mod_security, Apache, Labs
CommentsNo comments

lab.reasonman.comPermalink

Monday May 04, 2009

I've gotten a large amount of the new site done, and it's live over at lab.reasonman.com.  Right now it's only the blog system.  Downloads and Login will give you a 404/not found.  But feel free to comment to your hearts content.  Soon that will be making it's way over to the main page, replacing the current layout/system.  Also feel free to comment over there about things mentioned here until the switch is final.

Posted by Brandon
Filed under Labs
CommentsNo comments
© 2008 - 2009 reasonman.com