ModSecurity Trustwave
This blog has moved! Please update your
bookmarks to http://blog.spiderlabs.com/modsecurity/.

ModSecurity Blog: November 2003

File interception supported

Building on the multipart/form-data support I added to mod_security the other day, today I added two new configuration directives to support file interception. Using SecUploadDir you can tell mod_security to store files (works on per-directory configuration so you can have any number of different folders), and by setting SecUploadKeepFiles to On you can tell it not to erase after it's done with them. Pretty nice. The next step, a hook to execute external programs to verify uploaded files, is coming soon.

Multipart support added

Over the weekend I worked on adding the multipart/form-data support to mod_security. As a result, the Apache 1.x version in CVS now supports it. It still needs to be polished, of course, but this feature opens a door for other interesting features, such as intercepting file uploads. For every uploaded file you will be able to invoke a script to verify it (grep, anti-virus, whatever...), or to store the file for analysis later. This is the last large chunk of functionality I wanted to have before labeling mod_security v2.0 and I am glad it is getting closer.

Calendar

November 2010
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

Feeds

Atom Feed

Search

Categories

Recent Entries

Archives