[mod-security-users] Testing modsecurity
From: Monah B. <mon...@gm...> - 2019-03-25 16:38:20
Hi all,

Testing modsecurity, if I enter the IP address of the server, I get the following:

[Mon Mar 25 12:34:02.300806 2019] [:error] [pid 14540] [client 192.168.1.11:57650] [client 192.168.1.11] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "798"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.168.1.2"] [severity "WARNING"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "192.168.1.2"] [uri "/favicon.ico"] [unique_id "XJkC@tolWxi51pCyjt7yHwAAAAI"], referer: http://192.168.1.2/

I created a test /etc/passwd in my root document folder, but I can still access the file. I read on a website this would be a simple test. Am I missing something?

Thanks
Monah
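
An added example, not part of the original post or of ModSecurity itself: a small Python parser that splits the error-log line quoted above into its action, rule id, severity, tags and URI, so it is easy to see which rule fired, on which request, and whether it blocked. The function name `parse_modsec` and the dictionary keys are hypothetical; the input is the log line from the post.

```python
import re

# Error-log line copied from the post above (split here only for line length).
LINE = (
    r'[Mon Mar 25 12:34:02.300806 2019] [:error] [pid 14540] '
    r'[client 192.168.1.11:57650] [client 192.168.1.11] ModSecurity: Warning. '
    r'Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/'
    r'modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] '
    r'[line "798"] [id "920350"] [msg "Host header is a numeric IP address"] '
    r'[data "192.168.1.2"] [severity "WARNING"] [ver "OWASP_CRS/3.1.0"] '
    r'[tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] '
    r'[tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] '
    r'[tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] '
    r'[hostname "192.168.1.2"] [uri "/favicon.ico"] '
    r'[unique_id "XJkC@tolWxi51pCyjt7yHwAAAAI"], referer: http://192.168.1.2/'
)

# [key "value"] metadata; a value may contain backslash-escaped characters.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# Action and match detail sit between "ModSecurity: " and the first field.
HEAD = re.compile(r'ModSecurity: (?P<action>[^.]+)\. (?P<detail>.*?) \[\w+ "')


def parse_modsec(line):
    """Parse one ModSecurity 2.x error-log line; None if it is not one."""
    head = HEAD.search(line)
    if head is None:
        return None
    action = head["action"]
    event = {
        "action": action,
        "detail": head["detail"],
        # ModSecurity 2.x starts the message with "Access denied" when a
        # disruptive action ran; "Warning" means the rule matched without blocking.
        "blocked": action.startswith("Access denied"),
        "tags": [],
    }
    for key, value in FIELD.findall(line, head.end("detail")):
        if key == "tag":
            event["tags"].append(value)  # "tag" repeats, keep every one
        else:
            event.setdefault(key, value)
    return event


if __name__ == "__main__":
    ev = parse_modsec(LINE)
    print(ev["id"], ev["severity"], ev["action"], ev["blocked"], ev["uri"])
```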