[Owasp-modsecurity-core-rule-set] problems with upload jpg

Wed, 21 May 2014 02:52:33 -0700 

Hello
I've a problems when i'd like upload a jpg file.
how i can allow upload some type of file like : jpg, pdf ...

this is the output of modsec_audit.log

--a7f42c69-A--

[21/May/2014:11:35:27 +0200] U3xzXX8AAAEAACYTAbUAAAAG xx.xx.xx.xx 60416
xx.xx.xx.xx 80

--a7f42c69-B--

POST /upload-useravatar?qqfile=xxxx.jpg HTTP/1.1

Host: www.xxxxxx.com

Connection: keep-alive

Content-Length: 159959

Origin: http://www.xxxxxx.com

X-Requested-With: XMLHttpRequest

X-File-Name: xxxx.jpg

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36

Content-Type: application/octet-stream

Accept: */*

Referer: http://www.xxxxxx.com/user

Accept-Encoding: gzip,deflate,sdch

Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,ar;q=0.2

Cookie: JSESSIONID=5B361D7404F645627AFB171BBA0B3F8B;
__utma=111125463.1873502041.1396101474.1400599956.1400664807.23;
__utmb=111125463.4.10.1400664807; __utmc=111125463;
__utmz=111125463.1396101474.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)


--a7f42c69-F--

HTTP/1.1 403 Forbidden

Content-Length: 219

Connection: close

Content-Type: text/html; charset=iso-8859-1


--a7f42c69-E--


--a7f42c69-H--

Message: Access denied with code 403 (phase 1). Match of "rx
^%{tx.allowed_request_content_type}$" against "TX:0" required. [file
"/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf"]
[line "64"] [id "960010"] [rev "2"] [msg "Request content type is not
allowed by policy"] [data "application/octet-stream"] [severity "CRITICAL"]
[ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag
"OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag
"OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]

Action: Intercepted (phase 1)

Stopwatch: 1400664925455373 1654382 (- - -)

Stopwatch2: 1400664925455373 1654382; combined=371, p1=195, p2=0, p3=0,
p4=0, p5=105, sr=47, sw=1, l=0, gc=70

Response-Body-Transformed: Dechunked

Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/);
OWASP_CRS/2.2.9. <http://2.2.0.9/>

Server: Apache

Engine-Mode: "ENABLED"


--a7f42c69-Z-
thank you

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to