Hi Spartantri,

On Wed, Aug 23, 2017 at 06:36:48PM +0200, spartan...@gmail.com wrote:
> Hi Ervin,
>
> Maybe the modsec engine multipart body processor is not rfc compliant and
> confuses the CRLF-- with a boundary delimiter instead of doing a full check
> as described in rfcs 7578 and 2046, try removing the dashes from the
> beginning and end of the gpg content and if it passes that may be the reason
> behind this.

In case of PGP there is no option to remove the lines from the head (then the pgp app couldn't realise that it is a pgp key).

I've tried to upload a simple certificate (as attachment), which also contains header and footer lines:

-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIQX+iZdkBxaFky7vr2n2sS5zANBgkqhkiG9w0BAQsFADB4
...
jg==
-----END CERTIFICATE-----

I got 403 Forbidden again. Then I removed the leading "-" chars, and the attachment uploaded correctly.

I think there isn't a CRLF problem.

> To fix it you may add a rule to disable 200004 for that particular URL.

I don't want to disable this rule :)

> But read the warnings at the documentation.
>
> File uploads are usually risky so it may be good if you do a full check with
> @inspectFile for malware viruses etc
>
> Something like
> SecRule FILES_TMPNAMES "@inspectFile path/inspectscript" deny..

thanks, but I'm afraid that's not an option (I mean to disable this rule)

Thanks for your help,

a.
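
The behaviour reported in this thread, as an added example that is not part of the original messages and not ModSecurity's own code: a simplified checker that lists the lines in a multipart body which start with "--" but are not the declared boundary, the condition that rule 200004 reports as a possible unmatched boundary. The function names, the boundary string and the sample bodies are constructed for illustration.

```python
def unmatched_boundary_lines(body: bytes, boundary: str):
    """Return (line_no, text) for lines that start with "--" but are neither
    the part delimiter nor the closing delimiter for `boundary`.

    Simplified model (assumption): any such line is treated as suspicious,
    regardless of whether it sits inside a file part.
    """
    delim = b"--" + boundary.encode("ascii")
    allowed = (delim, delim + b"--")
    hits = []
    for n, raw in enumerate(body.split(b"\n"), start=1):
        line = raw.rstrip(b"\r \t")
        if line.startswith(b"--") and line not in allowed:
            hits.append((n, line.decode("latin-1")))
    return hits


def build_upload(boundary: str, filename: str, content: bytes) -> bytes:
    """Build a single-file multipart/form-data body (constructed sample)."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode("ascii")
    return head + content + f"\r\n--{boundary}--\r\n".encode("ascii")


BOUNDARY = "XBOUNDARY"  # constructed boundary value
# Constructed PEM-shaped file; the base64 line is filler, not a real certificate.
PEM = (b"-----BEGIN CERTIFICATE-----\n"
       b"Q09OU1RSVUNURUQ=\n"
       b"-----END CERTIFICATE-----\n")
# Same file with the leading dashes removed, as tried in the thread.
PEM_NO_LEADING_DASHES = (b"BEGIN CERTIFICATE-----\n"
                         b"Q09OU1RSVUNURUQ=\n"
                         b"END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, content in (("cert.pem", PEM), ("stripped.pem", PEM_NO_LEADING_DASHES)):
        hits = unmatched_boundary_lines(build_upload(BOUNDARY, name, content), BOUNDARY)
        print(name, "->", hits or "no boundary-like lines")
```

Running it against a captured request body shows which lines of an upload would need attention before deciding how to handle the false positive for that endpoint.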