Hi Phil,
Thanks for your reply. Roundcube did something funny with it though. Now that I've hit reply I can see what your wrote. I'll check the archive later to see if I missed anything.
Sorry, I meant to put more information in and forgot. I'm running a default install of Fedora Core 5 with Apache2, PHP5, MySQL, Dovecot and sendmail. I'm also only using the beta version of Roundcube.
As to the ruleset, I'm using those from gotroot which can be found here. http://www.gotroot.com/mod_security+rules but not all. I have added the following to the base rules in mod_security.conf. Using them all can load up your server. The error logs seem to relate to useragents. You could try just that file if the rest are too hard on your server.
Include /etc/httpd/modsec/apache2-rules.conf
Include /etc/httpd/modsec/rules.conf
Include /etc/httpd/modsec/rootkits.conf
Include /etc/httpd/modsec/useragents.conf
Include /etc/httpd/modsec/recons.conf
Include /etc/httpd/modsec/badips.conf
# Include /etc/httpd/modsec/blacklist.conf Include /etc/httpd/modsec/blacklist2.conf Include /etc/httpd/modsec/jitp.conf # Include /etc/httpd/modsec/proxy.conf
I should highlight I've only seen it the once, you might end up waiting a long time to see it happen if at all.
Regards,
Robert.
PS as to the display problem of the email, instead of seeing Phil's reply I see this bit of code. I've attached the source of his reply as well.
__removed="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Thu, 4 Jan 2007 08:28:04 -0600, "Phil Cryer" phil.cryer@gmail.com wrote:
On 1/3/07, Robert Bertram kraekan@westnet.com.au wrote:
, Hi,
I am wondering if anyone uses Roundcube with mod_security on Apache? I
got
some 406's from logwatch this morning.
Requests with error response codes 406 Not Acceptable snip< /?_task=mail&_action=spell〈=en: 3 Time(s)
The previous day while writing some emails I ran the spell checker to
get
an error message indicating a problem with the server. The relating
error
logs point to IP's in South East Asia.
Mod_security seems to be doing its job but I wondering if anyone with
more
experience that myself has noticed this as well? And if it's a problem? Could just be a problem with the Google servers?
I have not seen this, however I haven't been on Roundcube with an SVN lately. What version are you running? Are you running any custom rules in mod_security, or just the core? I have it installed/running, but haven't plugged in any custom rules yet, but am happy to try and reproduce (freebsd, apache2, mod_sec, php5, mysql5)
P
All seems fine today. Spell check runs fine.
Regards,
Robert.
-
Robert Bertram