[TYPO3-english] 302 redirect when invoking file browser
Graham Knight
graham.knight5 at gmail.com
Sat Oct 17 09:52:39 CEST 2015
Hi,
I found the solution to this and it may be of interest to others.
The request:
GET /typo3/browser.php?mode=file&bparams=|||gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai|data-5-tt_content-93-image-sys_file_reference|inline.checkUniqueElement||inline.importElement
was being bounced in the Apache server by the ModSecurity module. Rule 981319 was being triggered. Once this rule was removed normal service was restored.
I know nothing about ModSecurity and a glance at the definition of rule 981319 suggests there is a lot to learn. Purely for academic interest, can anyone explain what it is in the GET request that would look like a security risk?
Graham
More information about the TYPO3-english
mailing list