From ec49ce05c7d3c853dec070c57a0deb8f0ba7c20d Mon Sep 17 00:00:00 2001 From: brectanus Date: Fri, 5 Sep 2008 16:18:00 +0000 Subject: [PATCH] Updated docs to point out some features are not available on all OSes. MODSEC-9 --- doc/modsecurity2-apache-reference.xml | 33 +++++++++++++++------------ 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index cec8b2e5..f570119b 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -951,11 +951,12 @@ SecAuditLogStorageDir logs/audit Version: 2.0.0 - Dependencies/Notes: The internal chroot - functionality provided by ModSecurity works great for simple setups. One - example of a simple setup is Apache serving static files only, or - running scripts using modules. Some problems you might encounter with - more complex setups: + Dependencies/Notes: This feature is not + available on Windows builds. The internal chroot functionality provided + by ModSecurity works great for simple setups. One example of a simple + setup is Apache serving static files only, or running scripts using + modules.builds. Some problems you might encounter with more complex + setups: @@ -2342,7 +2343,8 @@ SecRuleUpdateActionById 12345 "t:compressWhitespace,deny,status:403,msg:'A new m <literal>SecUploadFileMode</literal> Description: Configures the mode - (permissions) of any uploaded files using an octal number. + (permissions) of any uploaded files using an octal number (as used in + chmod). Syntax: SecUploadFileMode octal_mode|"default" @@ -2356,12 +2358,14 @@ SecRuleUpdateActionById 12345 "t:compressWhitespace,deny,status:403,msg:'A new m Version: 2.1.6 - Dependencies/Notes: The mode is an octal - number (as used in chmod). The default mode is for only the account - writing the file to have read/write access (0600). Use this directive - with caution to avoid exposing potentially sensitive data to - unauthorized users. Using the value "default" will revert back to the - default setting. + Dependencies/Notes: This feature is not + available on operating systems not supporting octal file modes. The + default mode (0600) only grants read/write access to the account + writing the file. If access from another account is needed (using clamd + is a good example), then this directive may be required. However, use + this directive with caution to avoid exposing potentially sensitive + data to unauthorized users. Using the value "default" will revert back + to the default setting.
@@ -4458,7 +4462,7 @@ SecRule REQUEST_CONTENT_TYPE ^text/xml nolog,pass,ctl:requestBodyProce The requestBodyBuffering option allows you to configure the request body to be buffered (in memory) even if it is not parsed. This - allows inspection of REQUEST_BODY even when no parser is used. + allows inspection of REQUEST_BODY even when no parser is used.
@@ -4515,7 +4519,8 @@ SecRule IP:AUTH_ATTEMPT "@gt 25" \ Note - This action is extremely useful when responding to both Brute + This action is currently not available on Windows based builds. + This action is extremely useful when responding to both Brute Force and Denial of Service attacks in that, in both cases, you want to minimize both the network bandwidth and the data returned to the client. This action causes error message to appear in the log "(9)Bad file