[RCU] [RCD] recurring problem at the level of authentication and total absence of log

gnul nullchar at gmail.com
Wed Dec 2 19:04:03 CET 2009

I have not run RoundCube under mod_security, but from what I know
about mod_security, I am sure it can be done.

mod_security simply applies a [long] list of rules to the contents of
each request (GET/POST/HEAD/etc) including the header.

Depending on your ruleset, you often have to add exceptions for
certain applications, and/or disable entire rules server-wide. What
I've done in the past is run "tail -F error_log" while using the
application. Then you add exceptions for the URI (e.g. "/roundcube")
or hostname, or disable certain rules inside the modsecurity*.conf.

This is a sample error_log entry for a rule that matched against the uri:

[Wed Dec 02 08:05:20 2009] [error] [client 80.238.x.x] ModSecurity:
Access denied with code 500 (phase 2). Pattern match
..." at REQUEST_BASENAME. [file
"/etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf"] [line
"94"] [id "960035"] [msg "URL file extension is restricted by policy"]
[severity "CRITICAL"] [tag "POLICY/EXT_RESTRICTED"] [hostname
"www.example.com"] [uri "/_vti_bin/owssvr.dll"] [unique_id

Running mod_security is a great idea, but is kinda like running
SELinux; it takes a lot of time to set it up for all your apps.

Good luck.

List info: http://lists.roundcube.net/users/
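
The workflow described in the message above (watch error_log while using the application, then write per-URI exceptions), as an added example that is not part of the original post: it collects the rule ids that denied requests under one application prefix and drafts an exception block for review. The log lines, rule ids 900001/900002, the function names, and the choice of `SecRuleRemoveById` inside `<LocationMatch>` as the exception form are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample entries in the error_log format quoted above. Rule ids
# 900001/900002, the client address and the /roundcube paths are made up.
SAMPLE_LOG = r'''
[Wed Dec 02 08:05:20 2009] [error] [client 192.0.2.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "x" at REQUEST_BASENAME. [file "/etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf"] [line "94"] [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/_vti_bin/owssvr.dll"]
[Wed Dec 02 08:06:01 2009] [error] [client 192.0.2.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "x" at ARGS:field. [file "/etc/httpd/modsecurity.d/example.conf"] [line "10"] [id "900001"] [msg "Constructed rule A"] [hostname "www.example.com"] [uri "/roundcube/"]
[Wed Dec 02 08:06:09 2009] [error] [client 192.0.2.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "x" at ARGS:field. [file "/etc/httpd/modsecurity.d/example.conf"] [line "10"] [id "900001"] [msg "Constructed rule A"] [hostname "www.example.com"] [uri "/roundcube/index.php"]
[Wed Dec 02 08:07:30 2009] [error] [client 192.0.2.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "x" at ARGS:q. [file "/etc/httpd/modsecurity.d/example.conf"] [line "22"] [id "900002"] [msg "Constructed rule B"] [hostname "www.example.com"] [uri "/roundcube-old/index.php"]
[Wed Dec 02 08:08:00 2009] [error] [client 192.0.2.7] File does not exist: /var/www/html/favicon.ico
'''

# Matches the [key "value"] pairs ModSecurity appends to each entry.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def under_prefix(uri, prefix):
    """True for the prefix itself or paths below it, not for look-alike siblings."""
    base = prefix.rstrip("/")
    return uri == base or uri.startswith(base + "/")

def blocked_rules(log_text, prefix):
    """Map rule id -> msg, hit count and URIs for denials under prefix."""
    hits = defaultdict(lambda: {"msg": "", "count": 0, "uris": set()})
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # other Apache errors share the same file
        fields = dict(FIELD.findall(line))
        if "id" in fields and under_prefix(fields.get("uri", ""), prefix):
            hit = hits[fields["id"]]
            hit["msg"] = fields.get("msg", "")
            hit["count"] += 1
            hit["uris"].add(fields["uri"])
    return dict(hits)

def candidate_exception(prefix, rule_ids):
    """Draft a scoped exception; confirm each id is a false positive before use."""
    base = re.escape(prefix.rstrip("/"))
    body = "\n".join(f"    SecRuleRemoveById {rid}" for rid in sorted(rule_ids))
    return f'<LocationMatch "^{base}(/|$)">\n{body}\n</LocationMatch>'

if __name__ == "__main__":
    rules = blocked_rules(SAMPLE_LOG, "/roundcube")
    for rid, hit in sorted(rules.items()):
        print(rid, hit["count"], hit["msg"], sorted(hit["uris"]))
    print(candidate_exception("/roundcube", rules))
```

Scoping by prefix keeps server-wide denials such as the /_vti_bin request in the quoted entry out of the draft, so rule 960035 stays active everywhere.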