summaryrefslogtreecommitdiffstats
path: root/templates
diff options
context:
space:
mode:
authorZen Fu <zen@systemli.org>2020-01-17 15:28:34 -0300
committerZen Fu <zen@systemli.org>2020-01-17 15:33:17 -0300
commit6ff1a21ca9fdfa4dfc3065a7829e7a90282748d2 (patch)
tree38da1cf0109e98ea27d08072f465e5238a65c02a /templates
parentd7707cf6cb51825eb747c7fd8662cde6a5fef530 (diff)
Weblate: remove Apache modsec rule for MSSQL attacksHEADmaster
ModSec rule #942190 prevented someone from being able to make legitimate suggestions in italian because of the string "l'unione di Debian e Tor" (reported through sysadmins list). This rule can be removed because (1) we don't use MSSQL and (2) Weblate/Django should be able to correctly santize such user input. We have already removed similar modsec rules before.
Diffstat (limited to 'templates')
-rw-r--r--templates/weblate/apache-vhost.erb1
1 files changed, 1 insertions, 0 deletions
diff --git a/templates/weblate/apache-vhost.erb b/templates/weblate/apache-vhost.erb
index b2dd0b6..14957e4 100644
--- a/templates/weblate/apache-vhost.erb
+++ b/templates/weblate/apache-vhost.erb
@@ -46,6 +46,7 @@ WSGIPythonPath <%= @code_git_checkout %>
SecRuleRemoveById 942130
SecRuleRemoveById 942150
SecRuleRemoveById 942180
+ SecRuleRemoveById 942190
SecRuleRemoveById 942200
SecRuleRemoveById 942210
SecRuleRemoveById 942260