httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Grant Peel" <>
Subject [users@httpd] mod_security
Date Fri, 19 Oct 2007 13:48:59 GMT
Hi all,

I installed mod_security yesterday on one server and am in the process of

Along with mod_security itself, I have installed  a number of rules, most of
which are not causing any issues. The two below are causing some problems

Number one seems to do its job too well as it breaks any URL pages that use
../../ etc. Our clients use those in a number of places, most of which are
image loading i.e. <img = "../../images/myimage.gif">

Any ideas on how I can re enable it and not break realative links like the
one above?

    # 1. Prevent path traversal (..) attacks
#    SecFilter "../"

The second one breaks the ability to read an email in Openwebmail (v2.51).
Any ideas on this?

    # 2. Prevent XSS atacks (HTML/Javascript injection)
#    SecFilter "<(.|n)+>"



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message