View Single Post
  #4  
Old 20th May 2009, 11:39
manarak manarak is offline
Senior Member
 
Join Date: Apr 2009
Posts: 263
Thanks: 32
Thanked 6 Times in 5 Posts
Default

mod_security says "remote file access attempt", severity "critical", tag "web attack/file injection" data "/etc/"

now that's scary enough and I am happy that mod_security blocks that type of request. or should it?


what is the proper way?
- ISPC3 code to be modified not to trigger any modsecurity alerts (currently I do not know if the ajax functions in ISPC are a potential vulnerability?)
or
- modify mod_security rules to allow these requests from ISPC panel.
Reply With Quote