Re: [mod-security-users] Strange error when blocking a petition
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Strange error when blocking a petition
|
From: Alberto G. I. <ag...@in...> - 2005-03-30 07:59:29
|
On Tue, Mar 29, 2005 at 03:51:43PM -0500, Tom Anderson wrote: >=20 > ----- Original Message -----=20 > From: "Alberto Gonzalez Iniesta" <ag...@in...> > To: <mod...@li...> > Sent: Tuesday, March 29, 2005 11:53 AM > Subject: [mod-security-users] Strange error when blocking a petition >=20 >=20 > >Hi all, > > > >I'm getting the following error from time to time. I'm not running > >windows, so I'm not very worried about it, but the > >'ap_setup_client_block failed with 400' message doesn't look good. Is = it > >a problem with my mod_security installation? Or is it normal? > > > >195.194.x.x - - [24/Mar/2005:00:54:50 +0100] "POST=20 > >/_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 500 647 Access denied with co= de=20 > >500. ap_setup_client_block failed with 400 >=20 > Here's some things that would probably catch this on my system: >=20 > SecFilterSelective "HTTP_TRANSFER_ENCODING" "chunked" Here: SecFilterSelective HTTP_Transfer-Encoding "!^$" > SecFilter=20 > "\.(conf|cf|ini|cfg|htpasswd|htaccess|htgroup|inc|history|bash_history|= exe|pwd|cnf|dll)" >=20 > I also have this, but I don't recall why: >=20 > SecFilter errors/400 >=20 > I have a bunch of "/_vti_bin" requests in my error log, but they are al= l=20 > 404. How did you get a 500 instead of a 404 if they're posting to a dl= l=20 > and you're not running Windows? I get a 500 'cos the petition probably triggered the HTTP_Transfer-Encoding rule or any other. The file asked by the client does not have to exist to trigger a rule and get kicked. --=20 Alberto Gonzalez Iniesta | Formaci=F3n, consultor=EDa y soporte t=E9cn= ico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint =3D 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 |
