THANK YOU :) :) :) It works perfectly.
I'm very happy :) thank you for your help.

2014-05-21 12:52 GMT+01:00 Ryan Barnett <rbarn...@trustwave.com>:
> Edit this line in the OWASP CRS 10 setup conf file -
>
> https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/modsecurity_crs_10_setup.conf.example#L279
>
> Add in the allowed content type you need.
>
> Ryan Barnett
> Lead Security Researcher, SpiderLabs
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> From: Ilyass Kaouam <ilyassi...@gmail.com>
> Reply-To: "ilyassi...@gmail.com" <ilyassi...@gmail.com>
> Date: Wednesday, May 21, 2014 7:26 AM
> To: Jerome Athias <athiasjer...@gmail.com>
> Cc: "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org>
> Subject: Re: [Owasp-modsecurity-core-rule-set] problems with upload jpg
>
> Thank you for your help.
> I understand "fhamt" :)
>
> But I don't know how to define a proper whitelist? :(
>
> Please help me.
>
> 2014-05-21 12:08 GMT+01:00 Jerome Athias <athiasjer...@gmail.com>:
>> You are not setting the proper Content-Type in your XMLHttpRequest,
>> you should use
>>
>> setRequestHeader('Content-Type', 'image/jpeg');
>> in this case
>>
>> and define a proper whitelist
>>
>> famti?
>>
>> 2014-05-21 13:41 GMT+04:00 Ilyass Kaouam <ilyassi...@gmail.com>:
>>> Hello
>>> I have a problem when I'd like to upload a jpg file.
>>> How can I allow uploading some types of file like: jpg, pdf ...
>>>
>>> this is the output of modsec_audit.log
>>>
>>> --a7f42c69-A--
>>> [21/May/2014:11:35:27 +0200] U3xzXX8AAAEAACYTAbUAAAAG xx.xx.xx.xx 60416 xx.xx.xx.xx 80
>>>
>>> --a7f42c69-B--
>>> POST /upload-useravatar?qqfile=xxxx.jpg HTTP/1.1
>>> Host: www.xxxxxx.com
>>> Connection: keep-alive
>>> Content-Length: 159959
>>> Origin: http://www.xxxxxx.com
>>> X-Requested-With: XMLHttpRequest
>>> X-File-Name: xxxx.jpg
>>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
>>> Content-Type: application/octet-stream
>>> Accept: */*
>>> Referer: http://www.xxxxxx.com/user
>>> Accept-Encoding: gzip,deflate,sdch
>>> Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,ar;q=0.2
>>> Cookie: JSESSIONID=5B361D7404F645627AFB171BBA0B3F8B; __utma=111125463.1873502041.1396101474.1400599956.1400664807.23; __utmb=111125463.4.10.1400664807; __utmc=111125463; __utmz=111125463.1396101474.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
>>>
>>> --a7f42c69-F--
>>> HTTP/1.1 403 Forbidden
>>> Content-Length: 219
>>> Connection: close
>>> Content-Type: text/html; charset=iso-8859-1
>>>
>>> --a7f42c69-E--
>>>
>>> --a7f42c69-H--
>>> Message: Access denied with code 403 (phase 1). Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required.
>>> [file "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf"] [line "64"] [id "960010"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/octet-stream"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]
>>> Action: Intercepted (phase 1)
>>> Stopwatch: 1400664925455373 1654382 (- - -)
>>> Stopwatch2: 1400664925455373 1654382; combined=371, p1=195, p2=0, p3=0, p4=0, p5=105, sr=47, sw=1, l=0, gc=70
>>> Response-Body-Transformed: Dechunked
>>> Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
>>> Server: Apache
>>> Engine-Mode: "ENABLED"
>>>
>>> --a7f42c69-Z-
>>>
>>> thank you

--
Ilyass Kaouam
Systems administrator at Inforisk Group Finaccess
European Masters in Information Technology
Portable: (212) 6 34 57 14 36
http://www.inforisk.ma
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
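As an added illustration of Ryan's pointer (not a message from the thread and not CRS code as shipped), here is the setup-file allowlist with image/jpeg added, beside an assumed per-endpoint variant that avoids widening the global policy. The rule id 900099, the path match on /upload-useravatar and the recalled CRS 2.2.9 default type list are my assumptions; check them against your own copy of the file.

```apache
# Global allowlist: the setvar in rule 900012 of modsecurity_crs_10_setup.conf
# (the line Ryan points at). The "as shipped" list is the CRS 2.2.9 default as
# I recall it; compare it with your file before editing. Only the relevant
# setvar lines of 900012 are shown, the others stay unchanged.
# Content-Type is whatever the client sends, so rule 960010 is a policy check
# on the request, not validation of the uploaded bytes: the application must
# still inspect the file it receives (magic bytes, size, where it is stored).
SecAction \
  "id:'900012', \
  phase:1, \
  t:none, \
  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \
  setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|image/jpeg', \
  nolog, \
  pass"

# Narrower alternative (my own addition, not part of CRS): leave 900012 as
# shipped and widen the list only for the avatar endpoint seen in the audit
# log (REQUEST_URI includes the ?qqfile=... query string, so @beginsWith is
# used). Rule id 900099 is a placeholder in the setup file's id range; placed
# in modsecurity_crs_10_setup.conf it runs in phase 1 before base_rules, so
# 960010 sees the widened variable. If the uploader cannot be changed to send
# image/jpeg (Jerome's suggestion), append |application/octet-stream here,
# on this path only, rather than to the global list.
SecRule REQUEST_URI "@beginsWith /upload-useravatar" \
  "id:'900099', \
  phase:1, \
  t:none, \
  nolog, \
  pass, \
  setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|image/jpeg'"
```

After the change, a 403 with id 960010 and [data "image/jpeg"] should no longer appear for that path in modsec_audit.log, while other paths keep rejecting the type.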