jake2891 Posted January 8, 2010 Share Posted January 8, 2010 Hey, has anyone found an alternative to getting uploadprogress working with apache and mod_security without disabling or changing security settings in mod_security that will compromise the server ? I dont see the point in using this feature if we have to disable security settings on the server ? http://pecl.php.net/bugs/bug.php?id=16954 Bug Description: ------------ No temp file is created when mod_security2 is enabled. Possible cause that I have found is that PHP writes to a different file name in the user's temp directory when mod_security is enabled compared to when it is not. Sample temp files created when mod_security is disabled: phpENU1wg upt_805677.1259779397.txt where "805677.1259779397" is the UPLOAD_IDENTIFIER. Sample temp files created when mod_security is enabled: 20091202-144325-SxbDWkU8c54AACEoQmIAAAAF-request_body-TgkMtk [2009-12-02 20:06 UTC] blepore at igniteworldwide dot com If this cannot be accomplished, it is worth adding to the documentation that setting SecRequestBodyAccess to Off will work around the issue (though leave the site more vulnerable). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.