>>>>> I have not run RoundCube under mod_security, but from what I know >>>>> about mod_security, I am sure it can be done. >>>>> >>>>> mod_security simply applies a [long] list of rules to the contents of >>>>> each request (GET/POST/HEAD/etc) including the header. >>>>> >>>>> Depending on your ruleset, you often have to add exceptions for >>>>> certain applications, and/or disable entire rules server-wide. What >>>>> I've done in the past is: tail -F error_log while you use the >>>>> application. Then you add exceptions for the uri (e.g. "/roundcube") >>>>> or hostname or disable certain rules inside the modsecurity*.conf >>>>> files. >>>>> >>>> >>>> Thank you for your interest in my problem >>>> how easy to apply new rules to mod_security ? >>> >>> I think you can do it in .htaccess. But you should check with your >>> provider. >>> >>> Till >> >> >> >> I can edit my file myself .htaccess . >> I have root access on the machine > > Hehe... > > From your log, it says the rules are in: > /etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf > > Edit, and restart Apache. > > For inspiration: > http://www.gotroot.com/mod_security+rules > > Till
I'll look at these documents and I'll try to walk roundcube with mod_security thanks _______________________________________________ List info: http://lists.roundcube.net/dev/
