Re: [mod-security-users] mod_security IE vs Firefox problem
Brought to you by:
victorhora,
zimmerletw
From: MARTIN, J. (ATTSI) <JM...@at...> - 2010-09-27 16:44:57
|
SecAuditLogRelevantStatus controls that. I am guessing that it is configured to log all 403's. There might be a behavior difference between firefox and ie such that IE submits a request sans-auth and gets a 403 then submits the certificates, while perhaps firefox submits the cert straight away. That's just a theory though. -Jason Martin -----Original Message----- From: rud...@ne... [mailto:rud...@ne...] Sent: Monday, September 27, 2010 2:30 AM To: mod...@li... Subject: [mod-security-users] mod_security IE vs Firefox problem Hi, I'm a beginner using mod_security (Version 1.6.0 - 2008/02/19) with apache (apache2-2.0.59-1.17) on SLES9 SP4. It works fine but in the modsec_audit log file there are messages. These messages will appear using Microsoft IE 8 (8.0.6001) at the beginning of the session. But after these Messages the application will work fine. The user will not be notified, there is no "403 Forbidden" message. But using Firefox (3,5 or 3.6) there are no Messages in the modsec_audit log file. What ca I do to eliminate these messages? The applicaation is secured by using server and client certificates. ---------------------------- --7a3b193e-A-- [27/Sep/2010:10:58:20 +0200] 7hzFKMCoMiAAAEqFHgEAAACD (my_ip) 3125 (server-ip) 443 --7a3b193e-B-- GET /appl/entry.do HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: de User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 1.1.4322) Accept-Encoding: gzip, deflate Host: 192.168.50.30 Connection: Keep-Alive --7a3b193e-F-- HTTP/1.0 403 Forbidden Vary: accept-language,accept-charset Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=iso-8859-1 Content-Language: de --7a3b193e-H-- Apache-Handler: type-map Stopwatch: 1285577900868904 18601 (- - -) Producer: ModSecurity for Apache/2.5.10 (http://www.modsecurity.org/); core ruleset/1.6.0. Server: Apache --7a3b193e-K-- --7a3b193e-Z-- ------------------------------- Thanks a lot. Bye Rudi ------------------------------------------------------------------------ ------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Appliances, Rule Sets and Support: http://www.modsecurity.org/breach/index.html |