[mod-security-users] sec_filter_out: Invalid Content-Length: 0
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] sec_filter_out: Invalid Content-Length: 0
|
From: Philippe B. <pbo...@ci...> - 2005-09-27 09:40:03
|
Hi folks, On a reverse proxy I've setup, I'm getting tons (like 10/sec) of : mod_security: sec_filter_out: Invalid Content-Length: 0 ...errors in my logs. Here is the only interesting parts in my=20 configuration that cause is causing these messages : SecFilterScanOutput On (yes, I scan output for ADODB errors (for= example)...) Here is the kind of headers that cause this : HTTP/1.0 302 Moved Temporarily Server: Microsoft-IIS/5.0 [...] Location: http://blah/expired.htm Content-Length: 0 [...] Connection: close OK... but also, a bit more strange (this is the=20 output of a GET /image/thing.gif) : (yes, there are 2 answers at the same time and the image is displayed) HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Tue, 27 Sep 2005 09:15:47 GMT Content-Type: image/gif Accept-Ranges: bytes Last-Modified: Sun, 27 Mar 2005 00:01:15 GMT ETag: "d0cf6f186c32c51:905" Content-Length: 76 GIF89 [ gif_content... ]=C7=F2L=D7=B6\;HTTP/1.1 400 Bad Request Server: Microsoft-IIS/5.0 Date: Tue, 27 Sep 2005 09:15:47 GMT Content-Type: text/html Content-Length: 80 <html><head><title>Error</title></head><body>Incorrect=20 Parameter. </body></html> Why does it say "content-length: 0" while none of=20 these content-length are equal to 0. Is there a way to disable this warning other than by modifying the code ? Sincerely, Philippe Bourcier |
