I recently implemented mod_security on my server and ever since i have been having problem with horde mail calendar.
Whenever a user try to make an entry in calender the page generates an error message and i was able to trace the error to the audit_log file and this line is always generated;
mod_security-message: Access denied with code 500. Pattern match "!/imp/login\\.php" at HEADER("Referer") [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"]
I am guessing i have to define some exclusions in mod_security conf files but i dont know which.
I also noticed this entry in my audit_log seems like an attemp to use my server as open proxy;
Request: umsky.com 58.62.26.19 - - [19/Apr/2007:18:00:44 --0700] "GET http://umsky.com/sproxy.php HTTP/1.0" 500 603 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" - "-"
Handler: php5-script
----------------------------------------
GET http://umsky.com/sproxy.php HTTP/1.0
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: umsky.com
Connection: Keep-Alive
mod_security-action: 500
mod_security-message: Access denied with code 500. Pattern match "^GET (http|https|ftp)\\:/" at THE_REQUEST [severity "EMERGENCY"]
I saw that access was denied but is there something i need to do.
Hope some can help me out
Whenever a user try to make an entry in calender the page generates an error message and i was able to trace the error to the audit_log file and this line is always generated;
mod_security-message: Access denied with code 500. Pattern match "!/imp/login\\.php" at HEADER("Referer") [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"]
I am guessing i have to define some exclusions in mod_security conf files but i dont know which.
I also noticed this entry in my audit_log seems like an attemp to use my server as open proxy;
Request: umsky.com 58.62.26.19 - - [19/Apr/2007:18:00:44 --0700] "GET http://umsky.com/sproxy.php HTTP/1.0" 500 603 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" - "-"
Handler: php5-script
----------------------------------------
GET http://umsky.com/sproxy.php HTTP/1.0
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: umsky.com
Connection: Keep-Alive
mod_security-action: 500
mod_security-message: Access denied with code 500. Pattern match "^GET (http|https|ftp)\\:/" at THE_REQUEST [severity "EMERGENCY"]
I saw that access was denied but is there something i need to do.
Hope some can help me out