On Wed, 2 Dec 2009 20:22:40 +0100, till klimpong@gmail.com wrote:

On Wed, Dec 2, 2009 at 8:11 PM, fakessh fakessh@fakessh.eu wrote:

...

On Wed, 2 Dec 2009 11:04:03 -0700, gnul nullchar@gmail.com wrote:

...

I have not run RoundCube under mod_security, but from what I know about mod_security, I am sure it can be done.

mod_security simply applies a [long] list of rules to the contents of each request (GET/POST/HEAD/etc) including the header.

Depending on your ruleset, you often have to add exceptions for certain applications, and/or disable entire rules server-wide.  What I've done in the past is:  tail -F error_log   while you use the application.  Then you add exceptions for the uri (e.g. "/roundcube") or hostname or disable certain rules inside the modsecurity*.conf files.

Thank you for your interest in my problem how easy to apply new rules to mod_security ?

I think you can do it in .htaccess. But you should check with your provider.

Till

I can edit my file myself .htaccess . I have root access on the machine _______________________________________________ List info: http://lists.roundcube.net/users/