[mod-security-users] Unknown content-type error
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Unknown content-type error
|
From: Rohini H <roh...@gm...> - 2015-01-04 05:30:56
|
Hi Team., I have encountered with Unknown content-Type while uploading jpg files., Please bare with me on my posting as I am using the Mod Security very first time., My setup is on LAMP with PHP framework Here is the log I am getting POST /index.php?/xxxx/owner/registration.html HTTP/1.1 Host: my.site.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip Referer: http://my.site.com/index.php?/xxxx/owners/132.html Cookie: __utma=197246140.154331956.149418711.1419432679.141917316.6; __utmz=197246140.1419418711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcm d=(none); __utmb=197246140.3.10.1419917316; __utmc=197246140; ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22331a8d3d9c3ad7cb 257527aafb0644e%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%221.2.3.4%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A65%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+rv%3A34.0%29+Gecko%2F20100101+Firefox%2F34.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1419918324%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A9%3A%22logged_in%22%3Ba%3A5%3A%7Bs%3A8%3A%22username%22%3Bs%3A14%3A%22xxx%40xxxxxx%22%3Bs%3A5%3A%22utype%22%3Bs%3A3%3A%22xxx%22%3Bs%3A6%3A%22id%22%3Bs%32%3A%2279%22%3Bs%3A7%3A%22id%22%3BN%3Bs%3A7%3A%22name%22%3Bs%3A3%3A%22abc1419917482%22%3B%7D%7 D5c2109b0b6ffcf70bd2177e44f8ebc Content-Type: multipart/form-data; boundary=---------------------------83581385712378 Content-Length: 2552 --85d1da45-I-- --85d1da45-F-- HTTP/1.1 200 OK Vary: Accept-Encoding,User-Agent Content-Encoding: gzip X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-WebKit-CSP: default-src 'self' X-Permitted-Cross-Domain-Policies: master-only Content-Length: 7293 Connection: close Content-Type: text/html; charset=UTF-8 --85d1da45-H-- Message: Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\> ].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "168"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:6:{s:10:\x22session_id\x22;s:32:\x221331a815d3d9c3adc7cb2575afb064f4e\x22;s:10:\x22ip_address\x22;s:13:\x221.2.3.4\x22;s:10:\x22user_agent\x22;s:65:\x22Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0\x22;s:13:\x22last_activity\x22;i:1419918324;s:9:\x22user_data\x22;s:0:\x22\x22;s:9:\x22logged_in\x22;a:5:{s:8:\x22user-name\x22;s:14:\x22xxxx\x22;s:5:\x22utype\x22;s:3:\x22xxx\x22;s:6:\x22DI\x22;s:2:\x2279\x22;s:7:..."] [ver"OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] Message: Pattern match "(?i:(?:[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98]\\s*?\\*.+(?:x?or|div|like|between|and|id)\\W*?[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98]\\d)|(?:\\^[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98])|(?:^[\\w\\s\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98-]+(?<=and\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "257"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \x22106.51 found within REQUEST_COOKIES:ci_session: a:6:{s:10:\x22session_id\x22;s:32:\x22331a85d3d9c3ad7cb257527aafb0644e\x22;s:10:\x22ip_address\x22;s:13:\x221.2.3.4\x22;s:10:\x22user_agent\x22;s:0:\x22\x22;s:9:\x22logged\x22;a:5:{s:8:\x22xxxxxx\x22;s:14:\x22xxxxx\x22;s:5:\x22utype\x22;s:3:\x22xxx\x22;s:6:\x22id\x22;s:2:\x2279..."] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQLI"] Message: Warning. Operator LT matched 10 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_60_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 8, SQLi=2, XSS=): 981243-Detects classic SQL injection probings 2/2"] Apache-Handler: php5-script Stopwatch: 1419918434958319 62926 (- - -) Stopwatch2: 1419918434958319 62926; combined=24310, p1=327, p2=23762, p3=3, p4=68, p5=149, sr=88, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.6. Server: Apache Engine-Mode: "ENABLED" --85d1da45-J-- 24,0,"","<Unknown ContentType>" Total,0 - |
