Re: [mod-security-users] warning Patern match "^$" at HEADER
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] warning Patern match "^$" at HEADER
|
From: Ivan R. <iv...@we...> - 2005-08-10 09:35:30
|
Markus Rietzler wrote: > i get a lot of: > > mod_security: Warning. Pattern match "^$" at HEADER [hostname "www.myserver.xx"] [uri "/cgi-bin/somescript.pl?someparams"] > > in my error log. > > my conf shows: > > # only valid protocols > SecFilterSelective SERVER_PROTOCOL !^HTTP/(0\.9|1\.0|1\.1)$ > SecFilterSelective REQUEST_METHOD !^(GET|HEAD|POST)$ > # host header present > # SecFilterSelective HTTP_Host ^$ > > > so as the line is commented this error shouldn't occur. Correct. Did you restart Apache since you made changes to the configuration file? Maybe the message in the error log is from before you made the changes? > is this something i have to take care? does it mean, that > people couldn't open our pages? Not likely. Some scripts or automated tools fail to use the Host header. Or it could have been a manual access. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
