Re: [mod-security-users] http-version
From: Tom A. <tan...@oa...> - 2005-02-02 15:42:51
----- Original Message -----
From: "Ivan Ristic" <iv...@we...>

> The variable that works is SERVER_PROTOCOL. There's one problem,
> though. Apache handles requests with invalid protocol versions long
> before the request is passed on to mod_security for analysis. That's
> why it always responds with 400.

Here's an interesting problem....

I have the rule 'SecFilterSelective SERVER_PROTOCOL "!HTTP"' in order to return an error when someone tries something like "GET / JUNK/1.0". However, not only does that not match and reject the intended string, it instead matches any "httpd/unix-directory" handler requests. In other words, all "/" or "/directory/" requests. But it doesn't reject pages that have a filename. The audit log shows the same HTTP protocol in both cases.

It seems that SERVER_PROTOCOL isn't matching the right thing.

Tom