That won't work in the present case. The reason for the problem is that 3.0.5 used POST to submit the redirect parameter, 3.0.6 uses GET. The above command disables scanning on POST, which won't help. SecFilterScanGET might work, but I am not sure about that.soumik wrote:Add this to your .htaccess :Although I don't know if it's recommended.
Code: Select all
Regardless, it is an excellent example on why we can't work around mod_sec rules in general: some servers might reject "gonrod", others anything using "<...>" etc - it is a server configuration issue. That doesn't mean that we won't provide a workaround or a patch once we figure out which rules are offending and how often they are used, just that it is impossible to avoid all problems.