Thank you.  Since this is a Mandriva release of the Mod_Security package I can review the information and fix it for me, and also the Mandriva distribution ... this may help a few other newcomers as well.

Thank you!

Ofer Shezaf wrote:
Actually Albert might be right. Some versions of Apache use an internal
keep alive pinger that issues a request without a host name.

The Core Rule Set has a specific exclusion for that, but this rule is
probably not part of the Core Rule Set (no rule ID) and blocks this
request.

In order to verify we will need the entire request as you can find in
the audit log.

So in order to permit it: either use the core rule set instead of the
rules you use or refer to Ryan's recent blog entry on creating
exceptions
http://www.modsecurity.org/blog/archives/2007/02/handling_false.html

~ Ofer

  
-----Original Message-----
From: mod-security-users-bounces@lists.sourceforge.net [mailto:mod-security-users-bounces@lists.sourceforge.net] On Behalf Of Christian Bockermann
Sent: Monday, May 28, 2007 11:20 AM
To: aewhale@ABS-CompTech.com
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] What is this? Can you please explain?
  
Hi Albert!

In this case it is not the fact that it's the localhost, but a matter of
a missing/empty Accept-Header in the request. Do you use the core-rules
or any custom-made ruleset?

The core rules contain some checks that complain if an Accept-header is
missing. This is a problem I observed with some RSS-clients for example.
According to the RFC the Accept-header is optional.

Regards,
     Chris


On 28.05.2007 at 05:26, Albert E. Whale wrote:

To me this appears to indicate that the localhost is not permitted
to test the root level of the web Server.  Why?

[Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security:
Access denied with code 500. Pattern match "^$" at HEADER("Accept")
[severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id
"R9xVQH8AAAEAAAN2kzoAAAAF"]

Where can I permit this?

--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
ABS Computer Technology, Inc. - Email, Internet and Security
Consultants
SPAMZapper - No-JunkMail.com - True Spam Elimination.

      
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
      

    

  


--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant

ABS Computer Technology, Inc. - Email, Internet and Security Consultants
SPAMZapper - No-JunkMail.com - True Spam Elimination.
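
Added example (not part of the thread and not ModSecurity's own code): a small Python triage script for the mod_security error-log format quoted above. It groups denials by rule and lists the unique_id values of requests from loopback clients, which are the entries to pull from the audit log as Ofer suggests. All log lines except the first are constructed samples.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Line 1 is the entry quoted in the thread (re-joined); the rest are constructed samples.
SAMPLE_LOG = """\
[Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id "R9xVQH8AAAEAAAN2kzoAAAAF"]
[Sun May 27 23:25:10 2007] [error] [client 192.0.2.10] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "www.example.test"] [uri "/feed.xml"] [unique_id "CONSTRUCTED-ID-0001"]
[Sun May 27 23:25:11 2007] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
[Sun May 27 23:26:40 2007] [error] [client ::1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "localhost"] [uri "/"] [unique_id "CONSTRUCTED-ID-0002"]
"""

DENY_RE = re.compile(
    r'\[client (?P<client>[^\]]+)\] mod_security: Access denied with code (?P<code>\d+)\. '
    r'Pattern match "(?P<pattern>(?:[^"\\]|\\.)*)" at (?P<variable>\S+)(?P<tags>.*)$'
)
TAG_RE = re.compile(r'\[(\w+) "([^"]*)"\]')  # [severity "..."], [uri "..."], [unique_id "..."]

def parse_denials(text):
    """Return one dict per mod_security denial; other error-log lines are skipped."""
    denials = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        entry = {k: m.group(k) for k in ("client", "code", "pattern", "variable")}
        entry.update(dict(TAG_RE.findall(m.group("tags"))))
        denials.append(entry)
    return denials

def is_loopback(client):
    try:
        return ip_address(client).is_loopback
    except ValueError:  # hostname or unexpected client format
        return False

def triage(denials):
    """Count denials per (variable, pattern); list unique_ids of loopback requests."""
    counts = Counter((d["variable"], d["pattern"]) for d in denials)
    local_ids = [d.get("unique_id") for d in denials if is_loopback(d["client"])]
    return counts, local_ids

if __name__ == "__main__":
    counts, local_ids = triage(parse_denials(SAMPLE_LOG))
    for (variable, pattern), n in counts.items():
        print(f"{n} denial(s): pattern {pattern!r} at {variable}")
    print("loopback requests to check in the audit log:", local_ids)
```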