I want to scan the file downloads with mod-security. Is it possible to do this? I could not find any way of doing it. File upload scanning is feasible but how to do scanning of downloads?
Related Questions in APACHE
- Special access rule in an .htaccess file for IP addresses, authorized only for one directory structure
- How to isolate PHP apps from each other on a local machine(Windows or Linux)?
- Cannot load modules/mod_dav_svn.so into server
- How to ignore case in regexp mapping in a .htaccess rewrite rule?
- Oracle Http server ISNT-07551
- I cant access file directory with PHP local host on XAMPP. it just shows one of the files I have in my visual studio code
- Apache Reverse Proxy: only one proxy directive is working. Second one is ignored
- Issue with Django --> Apache WSGI deployment
- changing the node version used by apache web server
- Apache: How can I redirect to a subfolder with a URL param but serve required content via the main URL?
- Why/How does Apache auto-include "DHE" TLS1.2 ciphers while nginx needs "dhparams" file?
- Set up MX records in apache/Ubuntu to point to external mail server
- How to proxy to another port?
- Php can not upload file out of /var/www/html even after disabling Selinux
- Serve static site on S3 + CloudFlare with Apache retaining the source URL
Related Questions in MOD-SECURITY
- Apache2 Modsecurity configuration file error
- Can we use back-references with Modsecurity 2.9 rsub operator?
- Mod Security IIS 10 is blocking PHP interacation even in DetectionOnly
- Is ModSecurity 2.9 able to perform censorship ? (change the response body)
- SecRule REQUEST_HEADERS:Content-Type to parse XML & JSON for Ingress k8s
- ModSecurity with OWASP-CRS blocks ERDDAP queries containing '(' and ')' characters
- mTLS with Apache proxy and many user certs?
- Modsecurity blocks my legit POST request (403 forbidden)
- Wordpress open accordion code snippet. Request failed with status code 418 on dreamhost
- Cannot access XML element within a namespace using ModSecurity
- Chained rule not working in ModSecurity/Coraza
- Rate limit on a per-IP basis using ModSecurity
- Mixing logical OR and AND in ModSecurity/Coraza
- ModSecurity rule to find JSON value in request body
- OWASP ModSecurity 2.9 on IIS Causing 403 Forbidden
Related Questions in MOD-SECURITY2
- mod_security blocks data binding in MVC4
- modsecurity whitelist ip range
- mod_security blocks only internet explorer
- ModSecurity not detecting DDoS attack on DVWA
- ModSecurity SQL rules activated by image called 'warning.png'
- Apache server reverse proxy: increase file upload limit
- modsecurity blocking but not logging a violation
- ModSecurity: Block simultaneous requests to multiple sites
- ModSecurity Block invalid host referer
- ModSecurity count the number of hosts accessed by an IP
- How to generate email alert for modsecurity rule set execution
- Secrule modsecurity random numbers and adress ip post method
- 403 - modsecurity action in the live website?
- Nginx ingress controller modsecurity
- File download scanning with modsecurity
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Yes it's possible to do this.
Look at SecResponseBodyAccess and SecResponseMimeType. Note however that only text files are really useful to check. PDFs and other documents which contain binary data lead to many false positives.