Hello,
Sorry for the long delay. I finally managed to find someone who could take a look at the audit logs and here is what was dumped out when trying to use tw-sack. I trimmed out the personal data. And we do have mod_security on. If you need anything else, just ask.
------
HTTP/1.1 406 Not Acceptable
Content-Length: 346
Connection: close
Content-Type: text/html; charset=iso-8859-1
--66e9d265--
==596e8740==============================
Request: www.website.com *.*.*.* - - [17/Nov/2006:15:04:38 --0800]
"POST /lib/exe/ajax.php HTTP/1.1" 406 354
"http://www.website.com/lib/exe/mediamanager.php?ns=" "Mozilla/5.0
(Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1) Gecko/20061026
BonEcho/2.0" - "-"
Handler: php5-script
----------------------------------------
POST /lib/exe/ajax.php HTTP/1.1
Host: www.website.com
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
rv:1.8.1) Gecko/20061026 BonEcho/2.0
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer:
http://www.website.com/lib/exe/mediamanager.php?ns=
Content-Length: 18
Cookie:
__utmz=113457603.1157494779.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none);
DWbe08ea4624a10d0b525bdd48fdd1c9ab=cnlhbnwxfE8zY2wxcXJ6YUVnPQ%3D%3D;
__utma=113457603.1935416874.1157494779.1158020260.1158700514.3;
DokuWiki=p12a3ig57u8bkjjv3jcdhvv3r6;
clickedFoldert2=1%5E2%5E3%5E4%5E5%5E6%5E7%5E8%5E9%5E10%5E11%5E12%5E13%5E14%5E15%5E16%5E17%5E18%5E19%5E20%5E21%5E22%5E23%5E24%5E25%5E26%5E27%5E28%5E29%5E30%5E31%5E32%5E33%5E34%5E35%5E36%5E37%5E38%5E39%5E40%5E41%5E42%5E43%5E44%5E45%5E46%5E47%5E48%5E49%5E50%5E51%5E52%5E53%5E54%5E55%5E56%5E57%5E58%5E59%5E60%5E61%5E62%5E63%5E64%5E65%5E
Pragma: no-cache
Cache-Control: no-cache
mod_security-action: 406
mod_security-message: Access denied with code 406. Pattern match
"!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" at
HEADER("Content-Type") [severity "EMERGENCY"]
18
ns=&call=medialist
HTTP/1.1 406 Not Acceptable
Content-Length: 354
Connection: close
Content-Type: text/html; charset=iso-8859-1
--596e8740--