I have not run RoundCube under mod_security, but from what I know about mod_security, I am sure it can be done.
mod_security simply applies a [long] list of rules to the contents
of
each request (GET/POST/HEAD/etc) including the header.
Depending on your ruleset, you often have to add exceptions for certain applications, and/or disable entire rules server-wide. What I've done in the past is: tail -F error_log while you use the application. Then you add exceptions for the uri (e.g.
"/roundcube")
or hostname or disable certain rules inside the modsecurity*.conf files.
Thank you for your interest in my problem how easy to apply new rules to mod_security ?
I think you can do it in .htaccess. But you should check with your provider.
Till
I can edit my file myself .htaccess . I have root access on the machine
Hehe...
From your log, it says the rules are in: /etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf
Edit, and restart Apache.
For inspiration: http://www.gotroot.com/mod_security+rules
Till
I'll look at these documents and I'll try to walk roundcube with mod_security
thanks _______________________________________________ List info: http://lists.roundcube.net/dev/