Unless there's an obvious flaw in this somewhere, this seems to work for me:
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective REQUEST_URI "/cgi-bin/mailman/" chain
SecFilterSelective HTTP_Content-Type
"!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
> Obviously, the problem is that form-data is being denied. I want to
> enable it for mailman, but disable it elsewhere. Is there a simple and
> secure way to do that?
I just tried:
SecFilterSelective HTTP_CONTENT_TYPE "multipart/form-data" chain
SecFilterSelective REQUEST_URI "/cgi-bin/m
2 matches
Mail list logo
