[RCD] [RCU] recurring problem at the level of authentication and total absence of log

fakessh fakessh at fakessh.eu
Wed Dec 2 20:52:21 CET 2009


>>>>> I have not run RoundCube under mod_security, but from what I know
>>>>> about mod_security, I am sure it can be done.
>>>>>
>>>>> mod_security simply applies a [long] list of rules to the contents
of
>>>>> each request (GET/POST/HEAD/etc) including the header.
>>>>>
>>>>> Depending on your ruleset, you often have to add exceptions for
>>>>> certain applications, and/or disable entire rules server-wide.  What
>>>>> I've done in the past is:  tail -F error_log   while you use the
>>>>> application.  Then you add exceptions for the uri (e.g.
"/roundcube")
>>>>> or hostname or disable certain rules inside the modsecurity*.conf
>>>>> files.
>>>>>
>>>>
>>>> Thank you for your interest in my problem
>>>> how easy to apply new rules to mod_security ?
>>>
>>> I think you can do it in .htaccess. But you should check with your
>>> provider.
>>>
>>> Till
>>
>>
>>
>> I can edit my file myself .htaccess .
>> I have root access on the machine
> 
> Hehe...
> 
> From your log, it says the rules are in:
> /etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf
> 
> Edit, and restart Apache.
> 
> For inspiration:
> http://www.gotroot.com/mod_security+rules
> 
> Till



I'll look at these documents and I'll try to walk roundcube with
mod_security


thanks
_______________________________________________
List info: http://lists.roundcube.net/dev/


More information about the Dev mailing list