Hi Matteo
Our future customer (I hope) is very exigent in the security domain...
So if there is a possibility to change the dash in an underscore and
maintain the rule in the mod-security module for me this is the best
solution.
Of course I won't modify the source code and recompile it.
Regards
Maurizio
Matteo Pelucco wrote:
Maurizio Müller (Tinext) ha scritto:
I have a little problem with Magnolia and the Apache module mod-security.
...
In my opinion, there is no advantages on changing Magnolia behaviour,
for 2 main reasons:
1) an url like http://mysite/my-picture--1.jpg is a valid url
2) the substitution is performed either at Java level either at
JavaScript level, deeply on core modules.
Since the problem is only related to "double dash" (or more than one
instance dash sequence) why not add a rule to mod-security, with the
SecRule directive, in order to ignore them and make them pass to container?
I think it is the easy and more correct way to let Magnolia be itself :-)
M.
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to:
<[email protected]>
----------------------------------------------------------------
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
