On Wed, Dec 2, 2009 at 8:34 PM, fakessh <[email protected]> wrote:
> On Wed, 2 Dec 2009 20:22:40 +0100, till <[email protected]> wrote:
>> On Wed, Dec 2, 2009 at 8:11 PM, fakessh <[email protected]> wrote:
>>> On Wed, 2 Dec 2009 11:04:03 -0700, gnul <[email protected]> wrote:
>>>> I have not run RoundCube under mod_security, but from what I know
>>>> about mod_security, I am sure it can be done.
>>>>
>>>> mod_security simply applies a [long] list of rules to the contents of
>>>> each request (GET/POST/HEAD/etc) including the header.
>>>>
>>>> Depending on your ruleset, you often have to add exceptions for
>>>> certain applications, and/or disable entire rules server-wide. What
>>>> I've done in the past is: tail -F error_log while you use the
>>>> application. Then you add exceptions for the uri (e.g. "/roundcube")
>>>> or hostname or disable certain rules inside the modsecurity*.conf
>>>> files.
>>>>
>>>
>>> Thank you for your interest in my problem.
>>> How easy is it to apply new rules to mod_security?
>>
>> I think you can do it in .htaccess. But you should check with your
>> provider.
>>
>> Till
>
> I can edit my .htaccess file myself.
> I have root access on the machine.

Hehe...

From your log, it says the rules are in:
/etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf

Edit, and restart Apache.

For inspiration:
http://www.gotroot.com/mod_security+rules

Till
_______________________________________________
List info: http://lists.roundcube.net/dev/
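
The workflow described in the thread (watch error_log while using the application, then add exceptions for the URI) can be scripted; the following is an added example, not part of the original messages. It assumes the ModSecurity 2.x error_log layout with bracketed `[id "..."]` and `[uri "..."]` fields; the log lines, rule ids, client address and hostname are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

def _line(rule_id, uri):
    return ('[Wed Dec 02 20:01:11 2009] [error] [client 192.0.2.10] ModSecurity: '
            'Access denied with code 403 (phase 2). [file "/etc/httpd/modsecurity.d/'
            'modsecurity_crs_30_http_policy.conf"] [line "1"] [id "%s"] '
            '[msg "constructed sample"] [hostname "mail.example.org"] [uri "%s"]'
            % (rule_id, uri))

# Constructed sample log. Rule ids 999001-999004 are placeholders, not real rule ids.
SAMPLE_LOG = "\n".join([
    _line("999001", "/roundcube/"),
    _line("999001", "/roundcube/index.php"),
    _line("999002", "/roundcube/program/js/app.js"),
    _line("999003", "/phpmyadmin/"),
    _line("999004", "/roundcube-old/"),
    "[Wed Dec 02 20:02:00 2009] [error] [client 192.0.2.10] File does not exist: /x",
])

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_denials(log_text):
    # Return the bracketed metadata fields of every ModSecurity log line.
    events = []
    for line in log_text.splitlines():
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # first value wins for repeated keys
        if "ModSecurity:" in line and "id" in fields and "uri" in fields:
            events.append(fields)
    return events

def rules_hit_under(events, prefix):
    # Map rule id -> sorted URIs below the path prefix that triggered it.
    base = prefix.rstrip("/")
    hits = defaultdict(set)
    for ev in events:
        if ev["uri"] == base or ev["uri"].startswith(base + "/"):
            hits[ev["id"]].add(ev["uri"])
    return {rid: sorted(uris) for rid, uris in sorted(hits.items())}

def render_exceptions(hits, prefix):
    # Candidate exceptions scoped to one path, for review before deployment.
    out = ['<LocationMatch "^%s(/|$)">' % re.escape(prefix.rstrip("/"))]
    for rid, uris in hits.items():
        out += ["    # triggered by: " + ", ".join(uris), "    SecRuleRemoveById " + rid]
    return "\n".join(out + ["</LocationMatch>"])
```

Calling `render_exceptions(rules_hit_under(parse_denials(SAMPLE_LOG), "/roundcube"), "/roundcube")` yields a `LocationMatch` block that removes only the rules seen under `/roundcube`, leaving them active for every other path.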
