I've been pulling my hair out with this, and have googled extensively but can't seem to find the solution.
I'm using mod_sec with the delayed APL rules on a ubuntu 10.04 LAMP setup.
It scans and intercepts malicious $_POST payload perfectly on my test page.
However it refuses to intercept $_POST payload on some pages. The problem is with $_POST array fields such as test[] in the example below:
Code: Select all
<input type="text" name="alpha" />
<br />
<br />
<input type="text" name="test[]" />
<br />
<br />
<input type="text" name="test[]" />
1) starting or not starting the session has no effect on this peculiar behaviour
2) not loading or loading AJAX or CSS files makes no difference.
3) putting the test page in the same folder as the problem page makes no difference.(the test page continues to be intercepted normally)
4) var_dump of $_POST looks the same for both test page and problem page.
I'll add a rawdump of the $_POST data as well.
It seems like I'm not doing something simple.
Thanks for any help.