Re: [mod-security-users] sec_filter_out: Invalid Content-Length: 0
From: Ivan R. <iv...@we...> - 2005-09-27 10:09:53
Philippe Bourcier wrote:
>
> Hi folks,
>
> On a reverse proxy I've setup, I'm getting tons (like 10/sec) of :
> mod_security: sec_filter_out: Invalid Content-Length: 0
> ...errors in my logs.
>
> ...
>
> OK... but also, a bit more strange (this is the output of a GET
> /image/thing.gif) :
> (yes, there are 2 answers at the same time and the image is displayed)
>
> HTTP/1.1 200 OK
> Server: Microsoft-IIS/5.0
> Date: Tue, 27 Sep 2005 09:15:47 GMT
> Content-Type: image/gif
> Accept-Ranges: bytes
> Last-Modified: Sun, 27 Mar 2005 00:01:15 GMT
> ETag: "d0cf6f186c32c51:905"
> Content-Length: 76
>
> GIF89 [ gif_content... ]ÇòL×¶\;HTTP/1.1 400 Bad Request
> Server: Microsoft-IIS/5.0
> Date: Tue, 27 Sep 2005 09:15:47 GMT
> Content-Type: text/html
> Content-Length: 80

This looks like the bug I just fixed a few days ago. In fact, I am still waiting for the confirmation on that one. I can include the fix for this in the version I wrap for you to test and you'll let me know.

But, mod_security should look at the bodies of GIF images, shouldn't it? Are you using SecFilterOutputMimeTypes to restrict output filtering by MIME type?

> Why does it say "content-length: 0" while none of these content-length
> are equal to 0.

It is, the first one:

> HTTP/1.0 302 Moved Temporarily
> Server: Microsoft-IIS/5.0
> [...]
> Location: http://blah/expired.htm
> Content-Length: 0
> [...]
> Connection: close

It's a bug in mod_security. It is legal (according to the HTTP spec) to have a Content-Length of zero.

> Is there a way to disable this warning other than by modifying the code ?

No, there isn't. But that's not the problem because I will modify the code.

You did not mention the version you are using: is it 1.8.7? If you want to try something from the 1.9 branch, 1.9 Release Candidate will be ready on Monday.

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
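The point made in the reply above, that a Content-Length of zero is legal and must not be reported as invalid, shown as an added C example (it is not mod_security's code and does not claim to reproduce the actual bug). The function names and the "naive" check are assumptions for illustration; the sample values 0, 76 and 80 are the ones in the responses quoted in the message.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical strict parser: returns the length (>= 0), or -1 if the
 * header value is not a plain decimal number. Zero is a valid result. */
long parse_content_length(const char *value)
{
    long len = 0;
    int digits = 0;

    if (value == NULL) return -1;
    while (*value == ' ' || *value == '\t') value++;      /* leading whitespace */
    for (; isdigit((unsigned char)*value); value++) {
        int d = *value - '0';
        if (len > (LONG_MAX - d) / 10) return -1;         /* would overflow */
        len = len * 10 + d;
        digits++;
    }
    while (*value == ' ' || *value == '\t') value++;      /* trailing whitespace */
    if (digits == 0 || *value != '\0') return -1;         /* empty, sign, or junk */
    return len;
}

/* Assumed illustration of a check that conflates "zero" with "conversion
 * failed": atol() returns 0 for both "0" and "abc", so <= 0 rejects both. */
int naive_length_ok(const char *value)
{
    return atol(value) > 0;
}

/* An output filter has nothing to scan when the body is empty, but the
 * response itself is well-formed: 1 = scan body, 0 = skip, -1 = malformed. */
int output_filter_decision(const char *value)
{
    long len = parse_content_length(value);
    if (len < 0) return -1;
    return len > 0 ? 1 : 0;
}

int main(void)
{
    const char *samples[] = { "0", "76", "80", "-1", "12abc", "" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\": strict=%ld naive_ok=%d decision=%d\n", samples[i],
               parse_content_length(samples[i]), naive_length_ok(samples[i]),
               output_filter_decision(samples[i]));
    return 0;
}
```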