05-14-2009, 12:16 PM
|
|
Senior Member
|
|
Join Date: Jan 2009
Posts: 52
|
|
Quote:
Originally Posted by mistwang
First, please upgrade to 4.0.3,
Ok I have successfully upgraded to 4.0.3 with chRoot enabled. No other settings have been changed. They all migrated to the new version.
Second, add a testing mod_security rule,
I do not know how to do this. That's what my inquiry above was about please.
third, try to hit the testing rule with a crafted request
I don't exactly know how to do this either, and will require assistance. What I have done is downloaded c100.php. I had to turn off my computer antivirus to even download it; however, I have uploaded it to a site on my server and I have successfully navigated the entire directory by accessing that file. This I do not want to happen. I don't even want a user to be allowed to upload these erroneous scripts.
fourth, checklogs/modsec_audit.log
I am going to send you a site pm with my login and pw to root on my machine. If you can find time to review the above information and provide a solution understandable at my novice level, I truly do believe this will help everyone.
|
Thank you.
Last edited by grniyce; 06-28-2009 at 07:13 PM..
|