Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

File interception supported

Building on the multipart/form-data support I added to mod_security the other day, today I added two new configuration directives to support file interception. Using SecUploadDir you can tell mod_security to store files (works on per-directory configuration so you can have any number of different folders), and by setting SecUploadKeepFiles to On you can tell it not to erase after it's done with them. Pretty nice. The next step, a hook to execute external programs to verify uploaded files, is coming soon.