XUpload - Installing XUPload with Mod Security Version 2.

Message
Author
Silverado
Posts: 4
Joined: May 26, 2008 6:31 pm

Installing XUPload with Mod Security Version 2.

#1 Postby Silverado » May 26, 2008 6:40 pm

I finally was able to get files over 128MB to upload using mod_security2. It took all day, because of a bug in mod_security2 module:

I added this to the bottom of my mod_security.conf file for apache. .httaccess won't allow SecRuleEngine being turned off. I kept the .httaccess in the cgi-bin/upload directory that sibsoft provided as well.

<< added to mod_security.conf at bottom>>

# This is a big bug in mod_security2. If you don't set this outside
# <Directory> or any scope, it doesn't work....The phase one checks
# the size even if you turn SecRequestBodyAccess off
SecRequestBodyLimit 10000000000000

# upload program folder
<Directory "/var/www/cgi-bin/upload">
AllowOverride All
Order allow,deny
Allow from all
# only turn off for file upload.cgi
<Files upload.cgi>
# Turn off scanning of the Request body, since this is an upload
# ** todo we should install ClamAV and scan files after they are uploaded
SecRequestBodyAccess Off
# the scripts have multi-part malformed errors and others, so
# turn the engine off. Really wish I didn't have to turn off the
# whole engine, but at least it's only for one file.
SecRuleEngine Off
</Files>
</Directory>