This repository was archived by the owner on May 15, 2019. It is now read-only.
This repository was archived by the owner on May 15, 2019. It is now read-only.
Potential ModSecurity Conflict #7
Description
if server paths are defined relatively, eg)
Reloadr.go({
server: [
'../../lib/scss/*.scss',
],
...
});
ModSecurity will likely deny the request, serving up a 403 Forbidden. This is based on the Atomicorp.com WAF Rules on Generic Path Recursion. Which is any REQUEST_URI that matches positive against:
rx (/products/index\\.php\\?gallery=|connector=\\.\\./\\.\\./connectors|/admin/structure/views/|phpthumb/phpthumb\\.php\\?src=\\.\\./.*(?:uploads|images)|/site-builder/)