Re: [mod-security-users] False-positive running cgi script
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] False-positive running cgi script
|
From: Ivan R. <iv...@we...> - 2006-03-30 08:01:15
|
Steve West wrote: > ModSecurity version: 1.9.2 > Apache version: 1.3.34 > OS: Red Hat Enterprise Linux ES release 3 (Taroon Update 7) > Kernel: Linux 2.4.21-40.ELsmp #1 SMP Thu Feb 2 22:22:39 EST 2006 i686 > i686 i386 GNU/Linux > Browser: IE 6 and Firefox 1.5.1 > > Hi folks, > > We have a cgi script which works fine except for one function which > mod_security blocks when users click on a link sent to their email to > approve their mailing list subscription (double opt-in). > > ... > > The mod_security audit log shows the following: > > ... > > Error: Premature end of script headers: > /hsphere/shared/apache/htdocs/cgi-bin/mail.cgi Whenever mod_security does something it outputs a message into error log to tell you about it. That does not appear to be the case here. It look to me simply as though the CGI script is malfunctioning somehow. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall Apache Security (O'Reilly): http://www.apachesecurity.net |
