Page 1 of 1

Ignore "[\/proc\/self\/environ]" expressions

Posted: 09 Jan 2019, 20:31
by LukeDouglas
Can anyone outline how to configured ConfigServer to ignore all [\/proc\/self\/environ] expressions?

I get tons of emails with things like this:

----------- SCAN REPORT -----------

TimeStamp: Thu, 3 Jan 2019 00:00:03 -0700

(/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --ctime 25 --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore --mail root --options OLfmMChexdDZRP --qoptions Mv --quiet --report /root/scandaily.log --sizemax 1000000 --ssl --nosummary --sversionscan --timemax 30 --nounofficial --virusscan --voptions fmMhexT --www)



(63) alseedas, Scanning /home/XXXXXXXX/public_html:

'/home/XXXXXXXX/public_html/.htaccess'
Regular expression match = [\/proc\/self\/environ]

FYI, each of my clients HTACCESS files has the following setting which I do use settings recommended by Securitycheck Pro Prevent:

## /proc/self/environ? Go away!
RewriteCond %{QUERY_STRING} proc/self/environ [NC,OR]

I know if I comment out this setting, it would probably stop these emails but this is a useful setting to block attacks so I just need a way to config ConfigServer to disregard this setting.