On 24 May 2014, at 05:51, Rosali myroundcube@mail4us.net wrote:
[Sat May 24 02:02:51.025715 2014] [:error] [pid 14334] [client ***] ModSecurity: Access denied with code 400 (phase 1). Operator GT matched 512 at ARGS_GET:_uids such params should be POSt and not GET affects mailboxes with a lot of messages and seems to be a very new problem with RC 1.0.x
I think (not 100% sure) UID is passed with the URL to make messages cacheable.
Displaying messages -> Cache messages
That's not the point. The point it why is it a GET and not a POST, and thats a valid question. As a GET you end up with a huge parameter string, which can be mistaken for a hack attempt by things like mod_security. Of course, you could say, well dont run mod_security then, or teach it that this is valid. Which is also a good point.
I guess it depends on how difficult it would be to change. Probably not too bad id guess.
Cor