Edit this line in the OWASP CRS 10 setup conf file - https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/modsecurity_crs_10_setup.conf.example#L279

Add in the allowed content type you need.

Ryan Barnett
Lead Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

From: Ilyass Kaouam <ilyassi...@gmail.com>
Reply-To: "ilyassi...@gmail.com" <ilyassi...@gmail.com>
Date: Wednesday, May 21, 2014 7:26 AM
To: Jerome Athias <athiasjer...@gmail.com>
Cc: "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: Re: [Owasp-modsecurity-core-rule-set] problems with upload jpg

Thank you for your help. I understand, "fhamt" :) But I don't know how to define a proper whitelist? :( Please help me.

2014-05-21 12:08 GMT+01:00 Jerome Athias <athiasjer...@gmail.com>:

You are not setting the proper Content-Type in your XMLHttpRequest, you should use setRequestHeader('Content-Type', 'image/jpeg'); in this case and define a proper whitelist famti?

2014-05-21 13:41 GMT+04:00 Ilyass Kaouam <ilyassi...@gmail.com>:
>
> Hello
> I have a problem when I'd like to upload a jpg file.
> How can I allow uploading some types of file like: jpg, pdf ...
>
> This is the output of modsec_audit.log
>
> --a7f42c69-A--
> [21/May/2014:11:35:27 +0200] U3xzXX8AAAEAACYTAbUAAAAG xx.xx.xx.xx 60416 xx.xx.xx.xx 80
> --a7f42c69-B--
> POST /upload-useravatar?qqfile=xxxx.jpg HTTP/1.1
> Host: www.xxxxxx.com
> Connection: keep-alive
> Content-Length: 159959
> Origin: http://www.xxxxxx.com
> X-Requested-With: XMLHttpRequest
> X-File-Name: xxxx.jpg
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
> Content-Type: application/octet-stream
> Accept: */*
> Referer: http://www.xxxxxx.com/user
> Accept-Encoding: gzip,deflate,sdch
> Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,ar;q=0.2
> Cookie: JSESSIONID=5B361D7404F645627AFB171BBA0B3F8B; __utma=111125463.1873502041.1396101474.1400599956.1400664807.23; __utmb=111125463.4.10.1400664807; __utmc=111125463; __utmz=111125463.1396101474.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
>
> --a7f42c69-F--
> HTTP/1.1 403 Forbidden
> Content-Length: 219
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> --a7f42c69-E--
>
> --a7f42c69-H--
> Message: Access denied with code 403 (phase 1). Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf"] [line "64"] [id "960010"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/octet-stream"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]
> Action: Intercepted (phase 1)
> Stopwatch: 1400664925455373 1654382 (- - -)
> Stopwatch2: 1400664925455373 1654382; combined=371, p1=195, p2=0, p3=0, p4=0, p5=105, sr=47, sw=1, l=0, gc=70
> Response-Body-Transformed: Dechunked
> Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
> Server: Apache
> Engine-Mode: "ENABLED"
>
> --a7f42c69-Z--
>
> thank you
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
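As an added illustration (not code from the thread, nor from the CRS project), here is a small Python model of the check that rule 960010 applies in the audit log above, run against a constructed copy of the request. It shows why `application/octet-stream` is rejected, that whitelisting `image/jpeg` in the setup file (Ryan's fix) only helps once the client also sends that Content-Type (Jerome's fix), and two things to keep in mind when editing the list: it is used as a regex alternation, so metacharacters such as `+` must be escaped, and `^`/`$` bind only to the first and last alternative. The default whitelist and the safe-method list are assumed from the CRS 2.2.x setup and policy files; check them against your own copy.

```python
import re

# Default whitelist as set in CRS 2.2.x modsecurity_crs_10_setup.conf.example
# (rule 900012, the line Ryan points at).  Assumed from that file; check your
# own copy.  CRS uses it as a regex alternation, hence the '|' separators.
CRS_DEFAULT_ALLOWED = (
    "application/x-www-form-urlencoded|multipart/form-data|text/xml|"
    "application/xml|application/x-amf|application/json"
)

# Constructed stand-in for the audit log's section B (request line plus
# headers), shaped like the one in the thread.
SAMPLE_SECTION_B = """POST /upload-useravatar?qqfile=avatar.jpg HTTP/1.1
Host: www.example.com
X-Requested-With: XMLHttpRequest
X-File-Name: avatar.jpg
Content-Type: application/octet-stream
Content-Length: 159959
"""


def add_allowed_type(allowed, media_type):
    """Append one media type to the whitelist string.

    The list is a regex, so metacharacters must be escaped: an unescaped
    'application/xhtml+xml' would never match itself, because '+' is a
    quantifier there.
    """
    return allowed + "|" + re.escape(media_type)


def parse_request(section_b):
    """Return (method, Content-Type value or None) from an audit-log section B."""
    lines = section_b.strip().splitlines()
    method = lines[0].split(" ", 1)[0]
    content_type = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            content_type = value.strip()
    return method, content_type


def content_type_token(header_value):
    """Mimic the capture '^([^;\\s]+)' of rule 960010: the media type alone,
    without ';charset=' or boundary parameters.  None if there is no header."""
    if not header_value:
        return None
    match = re.match(r"^([^;\s]+)", header_value)
    return match.group(1) if match else None


def rule_960010_blocks(method, content_type, allowed=CRS_DEFAULT_ALLOWED):
    """True when the request would be intercepted by rule 960010.

    Models the chain the audit log shows: the rule is skipped for safe
    methods (the method list is assumed from CRS 2.2.x), captures TX:0 from
    the Content-Type header and then requires
    'rx ^%{tx.allowed_request_content_type}$' to match it.
    """
    if re.match(r"^(?:GET|HEAD|PROPFIND|OPTIONS)$", method):
        return False
    token = content_type_token(content_type)
    if token is None:
        return False  # nothing captured, so the chain never completes
    return re.search("^" + allowed + "$", token) is None


def strict_allowed_regex(allowed):
    """'^a|b|c$' anchors only the first and last alternative, so a middle
    entry such as application/xml also matches 'application/xmlfoo'.
    Grouping the list makes every entry an exact match.  Offered as a
    modelling aid for your own rules, not as the CRS rule itself."""
    return "^(?:" + allowed + ")$"


def allowed_strictly(content_type, allowed):
    """Exact-match variant of the whitelist check using the grouped regex."""
    token = content_type_token(content_type)
    return token is not None and re.search(strict_allowed_regex(allowed), token) is not None


if __name__ == "__main__":
    method, ctype = parse_request(SAMPLE_SECTION_B)
    print("blocked with the default list:", rule_960010_blocks(method, ctype))
    with_uploads = add_allowed_type(CRS_DEFAULT_ALLOWED, "image/jpeg")
    with_uploads = add_allowed_type(with_uploads, "application/pdf")
    print("still blocked after whitelisting, client unchanged:",
          rule_960010_blocks(method, ctype, with_uploads))
    print("blocked once the client sends image/jpeg:",
          rule_960010_blocks(method, "image/jpeg", with_uploads))
```

Whitelisting a type in the setup file and sending it from the client are two halves of the same fix: with the list extended but the XMLHttpRequest still sending `application/octet-stream`, the request is still intercepted. When you extend the list, prefer a media type the server actually expects for the upload over `application/octet-stream`, which would admit any binary body.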