chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Add ModSecurity exceptions in .htaccess against false positive XSS detection - refs #3163

Browse Source
pull/3440/head
Yannick Warnier 5 years ago
parent 068eb5d4a7
commit 047dbdfb9a
1 changed files with 15 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 15
      .htaccess

15
.htaccess
Unescape View File

@ -88,3 +88,18 @@ AddType application/font-woff .woff .woff2
ExpiresActive On
ExpiresByType application/font-woff "access plus 1 month"
</IfModule>
# Add MOD Security exceptions against XSS Attack confusion in main/lp/*.php
# See https://github.com/chamilo/chamilo-lms/issues/3163
<IfModule mod_security.c>
<If "%{REQUEST_URI} =~ m#main/lp#">
SecRuleRemoveById 212000-212999
</If>
</IfModule>
<IfModule mod_security2.c>
<If "%{REQUEST_URI} =~ m#main/lp#">
SecRuleRemoveById 212000-212999
</If>
</IfModule>

Write Preview
Loading…
Cancel
Save