Re: [mod-security-users] http-version
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] http-version
|
From: Tom A. <tan...@oa...> - 2005-02-02 17:48:30
|
----- Original Message ----- From: "Ivan Ristic" <iv...@we...> > Works for me here. From the debug log (at level 9): > > Checking signature "!HTTP" at SERVER_PROTOCOL > Checking against "JUNK/1.0" > Signature check returned 403 > > Which error message are you getting? Look into the debug log at > level 9 for more information. root@www tanderso # tail -n 500 /var/log/apache2/modsec_debug [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#837d470][/] Filtering off for non-dynamic resources [content-type=httpd/unix-directory] [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Looking into subrequest because initial request skipped because of DynamicOnly [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Checking with per-dir-config [:null][/index.html] [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] sec_pre: Filtering off for a subrequest. ... [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Checking signature "!^$" at HEADER(Transfer-Encoding) [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Variable value: [] [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] check_sig_against_string: string: regex_result: 0 is_allow: 1 [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Signature check returned 0 [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Checking signature "!HTTP" at SERVER_PROTOCOL(SERVER_PROTOCOL) [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Variable value: [INCLUDED] [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] check_sig_against_string: string: INCLUDED regex_result: 17 is_allow: 1 [02/Feb/2005:12:26:40 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Pausing [/index.html] for 1000 ms [02/Feb/2005:12:26:41 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Signature check returned 406 [02/Feb/2005:12:26:41 --0500] [www.tr-teach.org/sid#8280ba8][rid#8385490][/index.html] Access denied with code 406. Pattern match "!HTTP" at SERVER_PROTOCOL. [02/Feb/2005:12:26:41 --0500] [www.tr-teach.org/sid#8280ba8][rid#837d470][/] sec_logger: start Apparently, SERVER_PROTOCOL==INCLUDED for directory listings, and that's causing the problem. Tom |
