Forums / General / modsecurity and eZ Publish
James Ward
Tuesday 07 August 2007 10:07:35 am
Hi All,I recently setup a new hosting server with modsecurity. I've noticed eZ Publish triggers a few security alerts and prevents user access. If anyone has a list of rules which should be excluded for eZ Publish I would love to see it. Here is what I have excluded so far:
id: 950004 msg "Cross-site Scripting (XSS) Attack. Matched signature <src=\"http:>" id: 950006 msg "System Command Injection. Matched signature <cmd/c>" id: 950910 msg "HTTP Response Splitting Attack. Matched signature <%0a>"
If you know of more or if you think these are not being triggered by eZ Publish please share your experience.
Cheers!
working at www.wardnet.com blogging at www.jamesward.ca