[dokuwiki] Indexer and mod_security
- From: Richard Weickelt <weickric@xxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 07 May 2008 23:05:56 +0200
Hello,
I'm running a dw-installation on a solaris machine with apache. My admin
told me, that mod_security produced some warnings because of the dokuwiki
indexer, which uses a strange URL-format.
For example: "/repaint/lib/exe/indexer.php?id=start&1210159793"
It gave the following warning:
[Wed May 07 13:29:54 2008] [error] [client 193.28.194.12] mod_security:
Warning. Pattern match "!^[][a-zA-Z0-9_]*$" at ARGS_NAMES [msg "SSI
injection attack"] [severity "EMERGENCY"] [hostname
"www.imt.tu-cottbus.de"] [uri
"/repaint/lib/exe/indexer.php?id=start&1210159793"] [unique_id
"SKbd@I0rAQcAAAGNOGUAAAAB"]
Shouldn't the URL above look like:
/repaint/lib/exe/indexer.php?id=start&1210159793"
But what is the timestamp for? It seems not beeing used anywhere, because
in the url above it is recogniced as part of the ID and filtered out.
Thanks
Richard
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
- Follow-Ups:
- [dokuwiki] Re: Indexer and mod_security
- From: Andreas Gohr
- References:
- [dokuwiki] Alphaindex plugin and last update
- From: Francois Sabot
- [dokuwiki] Re: Alphaindex plugin and last update
- From: Andreas Gohr
- [dokuwiki] Re: Alphaindex plugin and last update
- From: Francois Sabot
Other related posts:
- » [dokuwiki] Indexer and mod_security
- » [dokuwiki] Re: Indexer and mod_security
- [dokuwiki] Re: Indexer and mod_security
- From: Andreas Gohr
- [dokuwiki] Alphaindex plugin and last update
- From: Francois Sabot
- [dokuwiki] Re: Alphaindex plugin and last update
- From: Andreas Gohr
- [dokuwiki] Re: Alphaindex plugin and last update
- From: Francois Sabot