Rule 420012: block empty ticket comments from anonymous users
Purpose
Blocks empty comments POSTed to existing tickets by anonymous (i.e. not authenticated) users.
The rule looks for POST requests to the ticket handler that carry no trac_auth cookie and whose comment form parameter is present but empty (ARGS:comment matches "^$"). Requests that carry a trac_auth cookie are not checked, so authenticated users can still change ticket properties without writing a comment (see History, rev:2).
Example
Audit log entry for a blocked request. Note that the request carries trac_form_token and trac_session cookies but no trac_auth cookie, and that the body contains comment= with an empty value:

--f7274b43-A--
[26/Apr/2007:11:31:11 +0200] reqhlqwQKoYAAG9DtJsAAAAR XX.XX.XX.XX 1848 217.24.1.134 80
--f7274b43-B--
POST /ticket/1056 HTTP/1.1
Host: madwifi.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://madwifi.org/ticket/1056
Cookie: trac_form_token=6c9bcfc9c175a06159b55cc8; trac_session=975f737e18792f9332d8e084
Content-Type: application/x-www-form-urlencoded
Content-Length: 106

--f7274b43-C--
__FORM_TOKEN=6c9bcfc9c175a06159b55cc8&author=anonymous&comment=&action=leave&ts=1167030481&replyto=&cnum=3

--f7274b43-F--
HTTP/1.1 403 Forbidden
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

--f7274b43-H--
Message: Warning. Pattern match "^/(wiki/|ticket/|newticket|simpleticket).*$" at REQUEST_URI. [id "420099"] [rev "1"] [msg "Suspicious Post"]
Message: Access denied with code 403 (phase 2). Pattern match "^$" at ARGS:comment. [id "420012"] [rev "2"] [msg "empty ticket comment"]
Action: Intercepted (phase 2)
Stopwatch: 1177579871183254 315490 (290363* 290777 -)
Producer: ModSecurity v2.1.0 (Apache 2.x)
Server: Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_python/3.2.10 Python/2.4.4
WebApp-Info: "trac.madwifi" "-" "-"

--f7274b43-Z--
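The decision logic of rule 420012, reimplemented in Python as an added example. This is not the ModSecurity rule as deployed on madwifi.org (the rule's own text is not shown on this page); it reproduces the check described under Purpose: POST to the ticket handler, no trac_auth cookie, comment parameter present but empty. The first sample request is the one from the audit log above with headers that play no part in the decision trimmed; the authenticated and non-empty-comment variants are constructed, and the trac_auth cookie value in them is made up. The rev parameter reproduces both revisions from the History section so the rev:1 false positive on admin property changes is visible.

```python
import re
from urllib.parse import parse_qs

# Request taken from the audit log example on this page (anonymous user,
# empty comment); headers that play no part in the decision are trimmed.
ANON_EMPTY_COMMENT = (
    "POST /ticket/1056 HTTP/1.1\r\n"
    "Host: madwifi.org\r\n"
    "Referer: http://madwifi.org/ticket/1056\r\n"
    "Cookie: trac_form_token=6c9bcfc9c175a06159b55cc8; "
    "trac_session=975f737e18792f9332d8e084\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "__FORM_TOKEN=6c9bcfc9c175a06159b55cc8&author=anonymous&comment=&"
    "action=leave&ts=1167030481&replyto=&cnum=3"
)

# Constructed variant: a logged-in user (trac_auth value is made up) changes
# a ticket property without leaving a comment. This is the rev:1 false positive.
AUTH_EMPTY_COMMENT = (
    ANON_EMPTY_COMMENT
    .replace("trac_session=", "trac_auth=0123456789abcdef; trac_session=")
    .replace("author=anonymous", "author=admin")
    .replace("action=leave", "action=resolve")
)

# Constructed variant: anonymous user, but an actual comment is submitted.
ANON_WITH_COMMENT = ANON_EMPTY_COMMENT.replace(
    "&comment=&", "&comment=Still+reproducible+with+r2300&"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, URI, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, uri, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "headers": headers, "body": body}


def request_cookies(req):
    """Counterpart of REQUEST_COOKIES: cookie name -> value from the Cookie header."""
    jar = {}
    for part in req["headers"].get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            jar[name] = value
    return jar


def form_args(req):
    """Counterpart of ARGS for a urlencoded POST body. Blank values are kept
    so that comment= is seen as present-but-empty rather than absent."""
    return parse_qs(req["body"], keep_blank_values=True)


def rule_420012(req, rev=2):
    """Return True if the request is to be denied with 403.

    rev=1: every POST to /ticket/<id> whose comment parameter is empty.
           This also hit admins who changed ticket properties without
           commenting (the false positive recorded under History).
    rev=2: the same check, but only for requests without a trac_auth
           cookie, i.e. from anonymous users.
    """
    if req["method"] != "POST":
        return False
    if not re.match(r"^/ticket/\d+", req["uri"]):
        return False
    if rev >= 2 and "trac_auth" in request_cookies(req):
        return False
    # ARGS:comment "^$": parameter present and every value empty
    comment = form_args(req).get("comment")
    return comment is not None and all(v == "" for v in comment)


if __name__ == "__main__":
    for label, raw in (("anon, empty comment", ANON_EMPTY_COMMENT),
                       ("auth, empty comment", AUTH_EMPTY_COMMENT),
                       ("anon, real comment", ANON_WITH_COMMENT)):
        req = parse_request(raw)
        print(label, "rev1 blocks:", rule_420012(req, rev=1),
              "rev2 blocks:", rule_420012(req, rev=2))
```

The three functions map onto the ModSecurity variables the audit log names: REQUEST_METHOD and REQUEST_URI for the first two checks, REQUEST_COOKIES:trac_auth for the exemption, and ARGS:comment with the "^$" pattern for the final match. One caveat follows directly from the Purpose text: the exemption keys on the mere presence of a trac_auth cookie, so any client that sends a trac_auth cookie with an arbitrary value is no longer subject to this rule. It is a nuisance filter against empty anonymous comments, not an authentication check.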
Protected handlers
- ticket
See also
n/a
History
- rev:2
  - rev:1 blocked requests from admin users who modified ticket properties without writing a comment at the same time. The check for an empty comment is therefore now limited to anonymous users, i.e. requests without a trac_auth cookie.
- rev:1
  - Initial version.
