Re: [mod-security-users] Retry-After header not being set?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Retry-After header not being set?
|
From: Reindl H. <h.r...@th...> - 2022-02-17 23:07:23
|
Am 18.02.22 um 00:02 schrieb Jamie Burchell: > No, I'm not sending the headers from there, but I could you must > I expected the > headers set by Apache to work though, since the HSTS header works. your expectation is simply wrong when you use a PHP script for error-pages the default response is 200 because you override the error rule of thumbs: don't use custom error pages (with dynamic scripts) for anything else but 403/404 and for rate-limits (which shouldn't be handeled in the application layer to begin with) it's pretty nonsense to add the burden of a dynamic script > -----Original Message----- > From: Reindl Harald <h.r...@th...> > Sent: 17 February 2022 21:26 > To: mod...@li... > Subject: Re: [mod-security-users] Retry-After header not being set? > > > > Am 17.02.22 um 21:35 schrieb Jamie Burchell: >> Hi Andrew >> >> Thanks for taking the time to help me. I have narrowed the header >> issue down. If I remove: >> >> ErrorDocument 429 /error.php >> >> The default Apache error document is used, and the header is in the >> response. It seems that somehow it is being removed when I'm passing >> the processing off to PHP-FPM > > does your "error.php" send the correct header? |
