Re: [mod-security-users] http-version

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Tom Anderson wrote:
> I'm trying to determine how to match the HTTP protocol version passed in
> from the client in order to help prevent fingerprinting.  For example,
> if the request is "GET / HTTP/3.0", Apache generally returns "400 Bad
> Request" while IIS returns "200 OK", and Netscape returns "505 HTTP
> Version Not Supported".  I'd like to be able to match the HTTP version
> string in order to change the response to 505 or 406 or something else. 
> However, none of the "locations" for SecFilterSelective seem to work. 

   The variable that works is SERVER_PROTOCOL. There's one problem,
   though. Apache handles requests with invalid protocol versions long
   before the request is passed on to mod_security for analysis. That's
   why it always responds with 400.

-- 
Ivan Ristic (http://www.modsecurity.org)