OK, I just got bitten by my own system.
Guacamole is behind a reverse-proxy with ModSecurity.
Sending variables as ${} is considered a potential attack, so I get this in the
WAF:
[id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"]
[data "Matched Data: ${guac_username}_${guac_date}_${guac_time} found within
ARGS:parameters.recording-name:
test_rdp_${guac_username}_${guac_date}_${guac_time}"]
Sorry for the misleading messages in this ML!
I guess I can deactivate this Rule by ID for my Guacamole virtual domain.
However, would it be possible for the Guacamole Client to somehow encrypt or
base64-encode the HTTP requests so it doesn't trigger this ModSecurity rule?
Thanks
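
Added example, not part of the original message: instead of removing rule 932130 for the whole Guacamole virtual host, the exclusion can be limited to the single argument named in the WAF log. The rule ID and argument name are taken from that log; the /guacamole/ path prefix and the local rule id 10001 are assumptions.

```apache
# ModSecurity directives for the Guacamole virtual host.
# Added example, not configuration from the original post.

# Option A (broad): turns the rule off for every request and every argument
# on this virtual host, so real shell-expression payloads pass unchecked too.
# SecRuleRemoveById 932130

# Option B (narrow, configure-time): rule 932130 stays active but no longer
# inspects the one argument seen in the log.
# Must be loaded AFTER the rule files that define 932130.
SecRuleUpdateTargetById 932130 "!ARGS:parameters.recording-name"

# Option C (narrow, runtime): the same target exclusion, applied only to
# requests under the Guacamole path. Use instead of Option B, not with it.
# Must be loaded BEFORE the rule files that define 932130.
# Assumptions: the /guacamole/ prefix and the local rule id 10001.
# SecRule REQUEST_URI "@beginsWith /guacamole/" \
#     "id:10001,phase:1,pass,nolog,ctl:ruleRemoveTargetById=932130;ARGS:parameters.recording-name"
```

Any other connection parameter that carries ${...} tokens will show up in the log under its own ARGS name and needs its own exclusion line.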