modsecurity and eZ Publish

Tuesday 07 August 2007 10:07:35 am

Hi All,
I recently setup a new hosting server with modsecurity. I've noticed eZ Publish triggers a few security alerts and prevents user access. If anyone has a list of rules which should be excluded for eZ Publish I would love to see it. Here is what I have excluded so far:

id: 950004 msg "Cross-site Scripting (XSS) Attack. Matched signature <src=\"http:>"
id: 950006 msg "System Command Injection. Matched signature <cmd/c>"
id: 950910 msg "HTTP Response Splitting Attack. Matched signature <%0a>"

If you know of more or if you think these are not being triggered by eZ Publish please share your experience.

Cheers!

working at www.wardnet.com
blogging at www.jamesward.ca