Search found 7 matches
- Thu Aug 04, 2011 1:45 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: 10_asl_rules blocking mobile Java requests
- Replies: 7
- Views: 17726
Re: 10_asl_rules blocking mobile Java requests
That did get that portion through (thanks), but now he's failing on: --- msg "Atomicorp.com UNSUPPORTED DELAYED Rules: POST request must have a Content-Length header" --- This is a mobile MIDP Java application connecting, and no matter what he tries, he cannot get it to send a Content-Leng...
- Thu Aug 04, 2011 12:08 am
- Forum: Atomicorp Free Modsecurity Rules
- Topic: 10_asl_rules blocking mobile Java requests
- Replies: 7
- Views: 17726
Re: 10_asl_rules blocking mobile Java requests
Thanks. Done.
Just waiting to hear back from that customer to see if it fixed their issue.
Out of curiosity, why does 2.6 allow that rule to be disabled?
Thx.
Just waiting to hear back from that customer to see if it fixed their issue.
Out of curiosity, why does 2.6 allow that rule to be disabled?
Thx.
- Wed Aug 03, 2011 2:29 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: 10_asl_rules blocking mobile Java requests
- Replies: 7
- Views: 17726
Re: 10_asl_rules blocking mobile Java requests
We are using "mod_security-2.5.13-1.el5.art" from your site.
- Mon Aug 01, 2011 4:30 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: 10_asl_rules blocking mobile Java requests
- Replies: 7
- Views: 17726
10_asl_rules blocking mobile Java requests
We have a customer that has a mobile application. Everything was working fine until we deployed mod_secuirty with Atomicorp rules. the audit log is as follows: --- --d240b57d-B-- POST /servlet/put HTTP/1.1 User-Agent: Profile/MIDP-1.0 Configuration/CLDC-1.0 UNTRUSTED/1.0 Content-Type: multipart/form...
- Mon Jul 25, 2011 10:48 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: 11_asl_data_loss.conf and Tomcat
- Replies: 2
- Views: 7118
Re: 11_asl_data_loss.conf and Tomcat
Actually, we've discovered this one was legit and the user pasted the wrong entry into the ticket they opened with us. The issue with the Tomcat Manager module was fixed by passing a valid UserAgent string (as it was failing 20_asl_useragents.conf), and since we have a unique string that is a portio...
- Mon Jul 25, 2011 10:14 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: mod_security and ISPmanager
- Replies: 1
- Views: 7606
mod_security and ISPmanager
It appears that because ISPmanager is called via '/manager/ispmgr', the entry for '<LocationMatch /manager/>' in 10_asl_rules.conf is causing some requests to fail, i.e., when trying to edit files in ISPmanager's File Manager, you get "You don't have permission to access /manager/ispmgr on this...
- Mon Jul 25, 2011 5:26 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: 11_asl_data_loss.conf and Tomcat
- Replies: 2
- Views: 7118
11_asl_data_loss.conf and Tomcat
We're finding the final rule in that set has severely hampered our ability to use Tomcat. We have a custom module in our control panel that talks to the Tomcat Manager application on another server to get status info, list contexts and provide start/stop/restart control. The requests don't provide a...