mod_security $ http

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Buddha
    Senior Member
    • Mar 2004
    • 825

    mod_security $ http

    I run into a problem with mod_security and a form that includes a URL field. Besides Javascript is there a way to fix this?

    "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha
  • AndrewT
    Administrator
    • Mar 2004
    • 3653

    #2
    You're probably best off using something like that. This particular type of protection is in place to help prevent remote file inclusions.

    Comment

    • Buddha
      Senior Member
      • Mar 2004
      • 825

      #3
      Originally posted by AndrewT
      You're probably best off using something like that. This particular type of protection is in place to help prevent remote file inclusions.
      Thanks. You couldn't suspend them eh?
      "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

      Comment

      • AndrewT
        Administrator
        • Mar 2004
        • 3653

        #4
        Suspension would be after the fact. mod_security is in place to help prevent things before they become an issue. The simple reality is that most people don't keep their scripts updated which makes this all that more necessary.

        Comment

        • Buddha
          Senior Member
          • Mar 2004
          • 825

          #5
          I was just kidding I know you have too many customers (and too many cpanel accounts) to be able to do that.
          "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

          Comment

          • Buddha
            Senior Member
            • Mar 2004
            • 825

            #6
            I'm laughing my ass off ... it just occured to me this would be a lot easier to fix if I did not have all this data checking going on everywhere.

            Of course, I'm getting paid to fix this so it's all good.
            "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

            Comment

            • djn
              Senior Member
              • Mar 2004
              • 140

              #7
              The script seems fine, but I'd suggest to put there a line for those of us who keep scripting off by default:

              <label for="WebsiteAddress">Website Address (without http://, please):</label>

              or something like that.

              Comment

              • Buddha
                Senior Member
                • Mar 2004
                • 825

                #8
                Yeah, already did that but I'm not using the javascript. Probably should use the javascript because I'm kind of wonder how Wordpress and other scripts are going to handle this change? Rather just fix it right the first time.
                "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

                Comment

                Working...