Forums / General / modsecurity and eZ Publish

modsecurity and eZ Publish

Previous topic

General

Next topic

Author	Message
James Ward	Tuesday 07 August 2007 10:07:35 am Hi All, I recently setup a new hosting server with modsecurity. I've noticed eZ Publish triggers a few security alerts and prevents user access. If anyone has a list of rules which should be excluded for eZ Publish I would love to see it. Here is what I have excluded so far: id: 950004 msg "Cross-site Scripting (XSS) Attack. Matched signature <src=\"http:>" id: 950006 msg "System Command Injection. Matched signature <cmd/c>" id: 950910 msg "HTTP Response Splitting Attack. Matched signature <%0a>" If you know of more or if you think these are not being triggered by eZ Publish please share your experience. Cheers! working at www.wardnet.com blogging at www.jamesward.ca

Author

Message

James Ward

Tuesday 07 August 2007 10:07:35 am

Hi All,
I recently setup a new hosting server with modsecurity. I've noticed eZ Publish triggers a few security alerts and prevents user access. If anyone has a list of rules which should be excluded for eZ Publish I would love to see it. Here is what I have excluded so far:

id: 950004 msg "Cross-site Scripting (XSS) Attack. Matched signature <src=\"http:>"
id: 950006 msg "System Command Injection. Matched signature <cmd/c>"
id: 950910 msg "HTTP Response Splitting Attack. Matched signature <%0a>"

If you know of more or if you think these are not being triggered by eZ Publish please share your experience.

Cheers!

working at www.wardnet.com
blogging at www.jamesward.ca