not the best way, but look at the end
http://www.modsecurity.org/documentation/quick-examples.html
Please read the documentation, and google is your friend
2014-05-21 15:26 GMT+04:00 Ilyass Kaouam <ilyassi...@gmail.com>:
> Thank you for you help.
> I'm understand "fhamt" :)
>
> But i don't know hwo define a proper whitelist ? :(
>
> please help me.
>
>
> 2014-05-21 12:08 GMT+01:00 Jerome Athias <athiasjer...@gmail.com>:
>
>> You are not setting the proper Content-Type in your XMLHttpRequest,
>> you should use
>>
>> setRequestHeader('Content-Type', 'image/jpeg');
>> in this case
>>
>> and define a proper whitelist
>>
>> famti?
>>
>> 2014-05-21 13:41 GMT+04:00 Ilyass Kaouam <ilyassi...@gmail.com>:
>> >
>> > Hello
>> > I've a problems when i'd like upload a jpg file.
>> > how i can allow upload some type of file like : jpg, pdf ...
>> >
>> > this is the output of modsec_audit.log
>> >
>> > --a7f42c69-A--
>> >
>> > [21/May/2014:11:35:27 +0200] U3xzXX8AAAEAACYTAbUAAAAG xx.xx.xx.xx 60416
>> > xx.xx.xx.xx 80
>> >
>> > --a7f42c69-B--
>> >
>> > POST /upload-useravatar?qqfile=xxxx.jpg HTTP/1.1
>> >
>> > Host: www.xxxxxx.com
>> >
>> > Connection: keep-alive
>> >
>> > Content-Length: 159959
>> >
>> > Origin: http://www.xxxxxx.com
>> >
>> > X-Requested-With: XMLHttpRequest
>> >
>> > X-File-Name: xxxx.jpg
>> >
>> > User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2)
>> > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137
>> > Safari/537.36
>> >
>> > Content-Type: application/octet-stream
>> >
>> > Accept: */*
>> >
>> > Referer: http://www.xxxxxx.com/user
>> >
>> > Accept-Encoding: gzip,deflate,sdch
>> >
>> > Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,ar;q=0.2
>> >
>> > Cookie: JSESSIONID=5B361D7404F645627AFB171BBA0B3F8B;
>> > __utma=111125463.1873502041.1396101474.1400599956.1400664807.23;
>> > __utmb=111125463.4.10.1400664807; __utmc=111125463;
>> >
>> > __utmz=111125463.1396101474.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
>> >
>> >
>> > --a7f42c69-F--
>> >
>> > HTTP/1.1 403 Forbidden
>> >
>> > Content-Length: 219
>> >
>> > Connection: close
>> >
>> > Content-Type: text/html; charset=iso-8859-1
>> >
>> >
>> > --a7f42c69-E--
>> >
>> >
>> > --a7f42c69-H--
>> >
>> > Message: Access denied with code 403 (phase 1). Match of "rx
>> > ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file
>> >
>> > "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf"]
>> > [line "64"] [id "960010"] [rev "2"] [msg "Request content type is not
>> > allowed by policy"] [data "application/octet-stream"] [severity
>> > "CRITICAL"]
>> > [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag
>> > "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag
>> > "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]
>> >
>> > Action: Intercepted (phase 1)
>> >
>> > Stopwatch: 1400664925455373 1654382 (- - -)
>> >
>> > Stopwatch2: 1400664925455373 1654382; combined=371, p1=195, p2=0, p3=0,
>> > p4=0, p5=105, sr=47, sw=1, l=0, gc=70
>> >
>> > Response-Body-Transformed: Dechunked
>> >
>> > Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/);
>> > OWASP_CRS/2.2.9.
>> >
>> > Server: Apache
>> >
>> > Engine-Mode: "ENABLED"
>> >
>> >
>> > --a7f42c69-Z-
>> >
>> > thank you
>> >
>> > _______________________________________________
>> > Owasp-modsecurity-core-rule-set mailing list
>> > Owasp-modsecurity-core-rule-set@lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>> >
>
>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
