Re: [mod-security-users] W3C Validator
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2006-12-06 16:19:50
|
To allow the W3C bot to crawl your site (when using the ModSecurity Core Rules) you can add this rule - SecRule HTTP_User-Agent "W3C-checklink" allow It would even be better if you know which source IP address this is coming from. You can then update this rule with "chain" and assign an allowable source IP like this - SecRule HTTP_User-Agent "W3C-checklink" "chain,allow" SecRule REMOTE_ADDR "^192\.168\.1\.100$" You will need to use this prior to the protocol violation rules if the W3C bot doesn't include the host or Accept request headers, otherwise it will get blocked by these rules - SecRule &REQUEST_HEADERS:Host "@eq 0" \ "deny,log,status:400,id:960008,severity:4,msg:'Request Missing a Host Header'" SecRule &REQUEST_HEADERS:Accept "@eq 0" \ "log,deny,log,status:400,id:960015,msg:'Request Missing an Accept Header'" --=20 Ryan C. Barnett Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache =20 > -----Original Message----- > From: mod...@li... [mailto:mod- > sec...@li...] On Behalf Of Claudiu Grosaru > Sent: Tuesday, December 05, 2006 11:28 PM > To: mod...@li... > Subject: [mod-security-users] W3C Validator >=20 > Hello! >=20 > I've used default modsecurity core rules. > After this, I am unable to validate the html with w3c validator or > silktide.com > Please help me add a rule to allow their robots. >=20 > Thank you! >=20 > Claudiu G >=20 > ------------------------------------------------------------------------ - > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share > your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D= DEVDE V > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |