Mod security configuration flash.

Forum Moderators: phranque

Message Too Old, No Replies

Mod security configuration flash.

webstyler

4:40 pm on Jan 21, 2009 (gmt 0)

Hello

I using SWFupload on my server but there is an issue with mod_security

In mod_security log:
-----------------------------------------------------
Access denied with code 406 (phase 2). Pattern match "^Shockwave Flash" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/rul_modsec/useragents.conf"] [line "169"]
-----------------------------------------------------

If I comment the row bellow work fine
#SecRule HTTP_User-Agent "^Shockwave Flash"

.. may be dangerous ?

encyclo

2:13 am on Jan 23, 2009 (gmt 0)

mod_security doesn't like the non-browser user agent sent with the request. What is in the useragents.conf file? Can you add an exception for the user agent?

webstyler

7:54 am on Jan 23, 2009 (gmt 0)

yes, I own thi server so I can add exception.. but how exaclty ?

thanks

zeus

8:12 pm on Feb 11, 2009 (gmt 0)

Any news on this Topic, there has for a long time now been a issue with Flash and mod security still no fix to this issue, maybe a update Mod security soft.