Re: [mod-security-users] sec_filter_out: Invalid Content-Length: 0
Brought to you by:
victorhora,
zimmerletw
From: Philippe B. <pbo...@ci...> - 2005-09-27 12:06:06
|
Re, >>HTTP/1.1 200 OK >>Server: Microsoft-IIS/5.0 >>Date: Tue, 27 Sep 2005 09:15:47 GMT >>Content-Type: image/gif >>Accept-Ranges: bytes >>Last-Modified: Sun, 27 Mar 2005 00:01:15 GMT >>ETag: "d0cf6f186c32c51:905" >>Content-Length: 76 >>GIF89 [ gif_content... ]=C7=F2L=D7=B6\;HTTP/1.1 400 Bad Request >>Server: Microsoft-IIS/5.0 >>Date: Tue, 27 Sep 2005 09:15:47 GMT >>Content-Type: text/html >>Content-Length: 80 > > This looks like the bug I just fixed a few days ago. In fact, I am > still waiting for the confirmation on that one. I can include the > fix for this in the version I wrap for you to test and you'll let > me know. > > But, mod_security should look at the bodies of GIF images, shouldn't > it? I don't think so... and why would that change the content-length anyway ? > Are you using SecFilterOutputMimeTypes to restrict output > filtering by MIME type? No, I don't need this, especially while filtering the output. >>Why does it say "content-length: 0" while none=20 >>of these content-length are equal to 0. > It's a bug in mod_security. It is legal (according to the HTTP spec) > to have a Content-Length of zero. OK >>Is there a way to disable this warning other than by modifying the code ? > > No, there isn't. But that's not the problem because I will modify > the code. You did not mention the version you are using: is it > 1.8.7? Yes, stable. > If you want to try something from the 1.9 branch, 1.9 Release > Candidate will be ready on Monday. Nice, I'll install it when it's released. Sincerely, Philippe Bourcier |