View Single Post
Old 20th May 2009, 11:39
manarak manarak is offline
Senior Member
Join Date: Apr 2009
Posts: 263
Thanks: 32
Thanked 6 Times in 5 Posts

mod_security says "remote file access attempt", severity "critical", tag "web attack/file injection" data "/etc/"

now that's scary enough and I am happy that mod_security blocks that type of request. or should it?

what is the proper way?
- ISPC3 code to be modified not to trigger any modsecurity alerts (currently I do not know if the ajax functions in ISPC are a potential vulnerability?)
- modify mod_security rules to allow these requests from ISPC panel.
Reply With Quote