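# Absolute paths, interpreters and tools that have no business appearing in a
# request. SecFilter (ModSecurity 1.x) applies the regex to the whole request;
# the action taken is the file's SecFilterDefaultAction (set outside this
# section) unless a rule overrides it, as the "log,pass" rules below do.
SecFilter "/bin/sh"
SecFilter "/bin/bash"
SecFilter "/bin/tclsh"
SecFilter "/bin/ls"
SecFilter "/bin/echo"
SecFilter "/bin/python"
SecFilter "/bin/kill"
SecFilter "/bin/chmod"
SecFilter "/bin/cc"
SecFilter "/bin/gcc"
SecFilter "/chgrp"
SecFilter "/chown"
SecFilter "/etc/passwd"
# NOTE(review): the short prefixes below are unanchored substring matches, so
# "/etc" also fires on "/etcetera" and "/var" on "/variants". Expect false
# positives on real applications; tune these before pairing them with a
# blocking default action.
SecFilter "/boot"
SecFilter "/etc"
SecFilter "/initrd"
# Fixed: an unescaped "+" is a quantifier, so the original "/lost+found"
# matched "/lostfound" and "/losttfound" but never the literal directory name.
SecFilter "/lost\+found"
SecFilter "/mnt"
SecFilter "/proc"
SecFilter "/root"
SecFilter "/sbin"
SecFilter "/var"
SecFilter "/usr/local/apache"
SecFilter "/usr/local/mysql"
SecFilter "/usr/X11R6/bin/xterm"
# Sensitive configuration files: logged only ("log,pass"), never blocked.
SecFilter "/etc/inetd\.conf" log,pass
SecFilter "/etc/shadow" log,pass
# Known web-shell request marker (spy.gif?&cmd=...).
SecFilter "visualcoders\.net/spy\.gif\?\&cmd"
SecFilter "conf/httpd\.conf" log,pass
# NOTE(review): the purpose of matching a literal HTTP status line inside a
# request is not documented here (presumably response-splitting attempts);
# confirm before relying on it.
SecFilter "HTTP/1\.1 403"
# Windows command shell references.
SecFilter "cmd32\.exe"
SecFilter "cmd\.exe"
SecFilter "\.cmd\?&"
# Script-injection fragments. "javascript\://" requires the "//", so a bare
# "javascript:alert(1)" is left to the "javascript:" rule in the XSS section.
SecFilter "document\.domain\("
SecFilter "javascript\://"
SecFilter "img src=javascript"
# Fixed: "_PHPLIB[libdir]" is meant literally. Unescaped brackets form a
# character class, so the original matched "_PHPLIB" followed by one of
# l/i/b/d/r (e.g. "_PHPLIBd") and did not match the real attack string.
SecFilter "_PHPLIB\[libdir\]"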
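## -- PHP --------------------------------------------------------------------
# Allow only letters, digits, underscore, and square brackets (for arrays)
# in variable names. The leading "!" negates the match, so any parameter name
# containing another character triggers the rule; the "[]" at the start of the
# bracket expression makes "]" and "[" literal members of the class.
#
SecFilterSelective ARGS_NAMES "!^[][a-zA-Z0-9_]+$"
# GLOBALS attack against PHP 4.x: a request parameter named "globals" or
# "globals[...]". The lower-case spelling assumes case-insensitive matching;
# confirm that for your ModSecurity build.
#
SecFilterSelective ARGS_NAMES "(^globals\[|^globals$)"
# URL in a parameter, possible allow_url_fopen attack (remote file inclusion).
# Widened from "^http:/": PHP's URL wrappers also accept https:// and ftp://,
# so those schemes are caught as well.
#
SecFilterSelective ARGS_VALUES "^(https?|ftp):/"
# Possible code execution attack (targets valid PHP streams constructs)
# see http://www.securityfocus.com/bid/10427
# (Fixed: the URL was on a bare line without "#", which Apache rejects as an
# unknown directive.)
# NOTE(review): stream wrappers such as php://input normally arrive as a
# parameter *value*; confirm ARGS_NAMES rather than ARGS_VALUES is intended.
#
SecFilterSelective ARGS_NAMES "^php:/"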
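## -- SQL Injection Attacks --------------------------------------------------
# Every rule from here to the next SecFilterSignatureAction only logs (pass);
# switch to a blocking action once false positives have been tuned out.
SecFilterSignatureAction "log,pass,msg:'SQL Injection attack'"
# Generic
SecFilterSelective ARGS "delete[[:space:]]+from"
SecFilterSelective ARGS "drop[[:space:]]+database"
SecFilterSelective ARGS "drop[[:space:]]+table"
SecFilterSelective ARGS "drop[[:space:]]+column"
SecFilterSelective ARGS "drop[[:space:]]+procedure"
SecFilterSelective ARGS "create[[:space:]]+table"
# "update ... set ... =" and "select ... from" are deliberately loose and will
# also match ordinary prose; acceptable only while the action is log,pass.
SecFilterSelective ARGS "update.+set.+="
SecFilterSelective ARGS "insert[[:space:]]+into.+values"
SecFilterSelective ARGS "select.+from"
SecFilterSelective ARGS "bulk[[:space:]]+insert"
SecFilterSelective ARGS "union.+select"
# Fixed: the original allowed optional whitespace before "=" but required
# exactly one whitespace character after it, so the canonical "or 1=1" never
# matched (only "or 1= 1" did).
SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]*1"
SecFilterSelective ARGS "alter[[:space:]]+table"
SecFilterSelective ARGS "or 1=1--'"
# Quote followed by a comment marker, the usual way to truncate the rest of a
# query.
SecFilterSelective ARGS "'.+--"
# MS SQL
SecFilterSelective ARGS "exec.+xp_"
SecFilterSelective ARGS "exec.+sp_"
SecFilterSelective ARGS "@@[[:alnum:]]+"
SecFilterSelective ARGS ";--"
SecFilterSelective ARGS "exec[[:space:]]*\("
SecFilterSelective ARGS "openquery"
SecFilterSelective ARGS "openrowset"
SecFilterSelective ARGS "msdasql"
SecFilterSelective ARGS "sqloledb"
SecFilterSelective ARGS "sysobjects"
SecFilterSelective ARGS "syscolumns"
SecFilterSelective ARGS "syslogins"
SecFilterSelective ARGS "sysxlogins"
# Hex literals. "[0-9a-zA-Z]" is wider than real hex digits; left as is so the
# rule stays at least as broad as before.
SecFilterSelective ARGS "select.+=[[:space:]]*0x[0-9a-zA-Z]+"
SecFilterSelective ARGS "char[[:space:]]*\([[:space:]]*0x[0-9a-zA-Z]+[[:space:]]*\)"
# MySQL
SecFilterSelective ARGS "into[[:space:]]+outfile"
# Fixed: the closing quote was missing, which breaks parsing of this file.
SecFilterSelective ARGS "load[[:space:]]+data"
# Inline comment "/* ... */" (also matches C-style comments in ordinary text).
SecFilterSelective ARGS "/\*.+\*/"
# MS Access
SecFilterSelective ARGS "MSysACEs"
SecFilterSelective ARGS "MSysObjects"
SecFilterSelective ARGS "MSysQueries"
SecFilterSelective ARGS "MSysRelationships"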
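## -- XSS Attacks ------------------------------------------------------------
# Script fragments, HTML tags and event handlers in any parameter. Everything
# up to the next SecFilterSignatureAction is log-only (pass).
SecFilterSignatureAction "log,pass,msg:'XSS attack'"
SecFilterSelective ARGS "alert[[:space:]]*\("
# Numeric character reference (&#65; or &#x41;). Fixed: the original
# "&#[[0-9a-fA-F]]{2}" nested the brackets, so "{2}" applied to a literal "]"
# and the rule only matched text like "&#a]]", never an encoded character.
SecFilterSelective ARGS "&#x?[0-9a-fA-F]{2}"
SecFilterSelective ARGS "eval[[:space:]]*\("
SecFilterSelective ARGS "onKeyUp"
# Literal "\xNN" escape sequence. "\x5c" is the regex escape for a backslash,
# which assumes a PCRE-style engine; verify on an Apache 1.3/POSIX-regex build.
SecFilterSelective ARGS "\x5cx[0-9a-fA-F]{2}"
SecFilterSelective ARGS "fromCharCode"
# "&{...}" sequences.
SecFilterSelective ARGS "&\{.+\}"
# NOTE(review): "<.+>" fires on any markup-like text, including "a<b>c" in
# plain prose; keep it log-only or narrow it before blocking.
SecFilterSelective ARGS "<.+>"
SecFilterSelective ARGS "javascript:"
SecFilterSelective ARGS "vbscript:"
SecFilterSelective ARGS "http-equiv"
SecFilterSelective ARGS "-->"
SecFilterSelective ARGS "expression[[:space:]]*\("
SecFilterSelective ARGS "url[[:space:]]*\("
SecFilterSelective ARGS "innerHTML"
SecFilterSelective ARGS "document\.body"
SecFilterSelective ARGS "document\.cookie"
SecFilterSelective ARGS "document\.location"
SecFilterSelective ARGS "document\.write"
SecFilterSelective ARGS "style[[:space:]]*="
SecFilterSelective ARGS "dynsrc"
# Session identifiers passed in a parameter value (presumably to catch session
# fixation; not strictly XSS).
SecFilterSelective ARGS_VALUES "jsessionid"
SecFilterSelective ARGS_VALUES "phpsessid"
# HTML tags frequently used for attacks
SecFilterSelective ARGS "<applet"
SecFilterSelective ARGS "<div"
SecFilterSelective ARGS "<embed"
SecFilterSelective ARGS "<iframe"
SecFilterSelective ARGS "<img"
SecFilterSelective ARGS "<meta"
SecFilterSelective ARGS "<object"
SecFilterSelective ARGS "<script"
SecFilterSelective ARGS "<textarea"
# JavaScript event handlers. The mixed-case spellings only catch "onclick",
# "ONLOAD", etc. if the engine matches case-insensitively; confirm that for
# your ModSecurity build, otherwise add lower-case variants.
SecFilterSelective ARGS "onAbort"
SecFilterSelective ARGS "onBlur"
SecFilterSelective ARGS "onChange"
SecFilterSelective ARGS "onClick"
SecFilterSelective ARGS "onDblClick"
SecFilterSelective ARGS "onDragDrop"
SecFilterSelective ARGS "onError"
SecFilterSelective ARGS "onFocus"
SecFilterSelective ARGS "onKeyDown"
SecFilterSelective ARGS "onKeyPress"
SecFilterSelective ARGS "onLoad"
SecFilterSelective ARGS "onMouseDown"
SecFilterSelective ARGS "onMouseOut"
SecFilterSelective ARGS "onMouseOver"
SecFilterSelective ARGS "onMouseUp"
SecFilterSelective ARGS "onMove"
SecFilterSelective ARGS "onReset"
SecFilterSelective ARGS "onResize"
SecFilterSelective ARGS "onSelect"
SecFilterSelective ARGS "onSubmit"
SecFilterSelective ARGS "onUnload"
# XmlHttp
SecFilterSelective ARGS "onReadyStateChange"
SecFilterSelective ARGS "xmlHttp"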
## -- Command execution ------------------------------------------------------
# Shell command chained after ";" in a parameter value. Rules in this section
# only log (pass).
SecFilterSignatureAction "log,pass,msg:'Command execution attack'"
# Stricter variants (command at the very start of the value) kept for
# reference but disabled.
#SecFilterSelective ARGS_VALUES "^(uname|id|ls|cat|rm|kill|mail)"
#SecFilterSelective ARGS_VALUES "^(ls|id|pwd|wget)"
# NOTE(review): there is no word boundary after the command name, so
# "; identity" and "; lsof" also match, while "|id", "`id`" and "$(id)" are not
# covered at all.
SecFilterSelective ARGS_VALUES ";[[:space:]]*(ls|id|pwd|wget)"
## -- LDAP injection ---------------------------------------------------------
# LDAP attribute names and the ")(|", ")(!", ")(&" sequences that let an
# injected value close the current filter term and open a new one. Log only.
# NOTE(review): "objectClass"/"objectCategory" are plain substring matches and
# will fire on legitimate directory-management applications.
SecFilterSignatureAction "log,pass,msg:'LDAP injection attack'"
SecFilterSelective ARGS "objectClass"
SecFilterSelective ARGS "objectCategory"
SecFilterSelective ARGS "\)\(\|"
SecFilterSelective ARGS "\)\(!"
SecFilterSelective ARGS "\)\(&"
## -- SSI injection ----------------------------------------------------------
# Server-side-include directives ("<!--#exec ...", "<!--#include ...", etc.)
# inside a parameter; optional whitespace is allowed between "<!--", "#" and
# the directive name. Log only.
SecFilterSignatureAction "log,pass,msg:'SSI injection attack'"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*exec"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*cmd"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*echo"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*include"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*printenv"