[mod-security-users] Re: Strange error when blocking a petition
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Re: Strange error when blocking a petition
|
From: dusky <she...@li...> - 2005-10-27 23:42:15
|
Tom Anderson <tanderso <at> oac-design.com> writes: > > > ----- Original Message ----- > From: "Alberto Gonzalez Iniesta" <agi <at> inittab.org> > To: <mod-security-users <at> lists.sourceforge.net> > Sent: Tuesday, March 29, 2005 11:53 AM > Subject: [mod-security-users] Strange error when blocking a petition > > > Hi all, > > > > I'm getting the following error from time to time. I'm not running > > windows, so I'm not very worried about it, but the > > 'ap_setup_client_block failed with 400' message doesn't look good. Is it > > a problem with my mod_security installation? Or is it normal? > > > > 195.194.x.x - - [24/Mar/2005:00:54:50 +0100] "POST > > /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 500 647 Access denied with code > > 500. ap_setup_client_block failed with 400 > > Here's some things that would probably catch this on my system: > > SecFilterSelective "HTTP_TRANSFER_ENCODING" "chunked" > > SecFilter > "\. (conf|cf|ini|cfg|htpasswd|htaccess|htgroup|inc|history|bash_history|exe|pwd|cnf| dll)" > > I also have this, but I don't recall why: > > SecFilter errors/400 > > I have a bunch of "/_vti_bin" requests in my error log, but they are all > 404. How did you get a 500 instead of a 404 if they're posting to a dll and > you're not running Windows? > > Tom > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > I may be wrong, but if you have this in your apache's mod_security: SecServerSignature "Microsoft-IIS/5.0" (when you're running Apache), then someone obviously thinks you're truly running MS server. I have it in mine to confuse hackers... Try it and have a look at your headers in stats logs etc...it'll have that instead of the real info that you do not wish to disclose to competitors, hackers...( or to boost that you can afford an expensive server :) !!! I know most know about this trick, but there'll always be a newbie somewhere! dusky |
