Moodle in English: client block

Security and privacy

client block - mod_security

◄ Admin lost ability to assign roles
Firesheep ►

This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.

Re: client block - mod_security

by Matteo Scaramuccia - Tuesday, December 21, 2010, 5:14 PM

Hi Megan,

960032 checks for "supposed legal" HTTP requests i.e. using just GET, POST, OPTIONS, HEAD methods which actually are a superset of the methods (GET) used to access file.php using a normal browser session.

IMHO it should not be disabled: it will be helpful to look at the logs to see what was the method(s) used to access to that URL in order of being able to identify the reason why your supposed users are triggering such rule e.g. really a legal request or e.g. sort of scanning.

HTH,

Matteo

Average of ratings: -

◄ Admin lost ability to assign roles
Firesheep ►