Re: [mod-security-users] What is this? Can you please explain?
Brought to you by:
victorhora,
zimmerletw
From: Ofer S. <OferS@Breach.com> - 2007-05-28 20:05:58
|
What rule set does the Mandriva package uses? =20 ~ Ofer =20 From: Albert E. Whale [mailto:aewhale@ABS-CompTech.com]=20 Sent: Monday, May 28, 2007 5:57 PM To: Ofer Shezaf Cc: Christian Bockermann; mod...@li... Subject: Re: [mod-security-users] What is this? Can you please explain? =20 Thank you. Since this is a Mandriva release of the Mod_Security package I can review the information and fix it for me, and also the Mandriva distribution ... this may help a few other newcomers as well. Thank you! Ofer Shezaf wrote:=20 Actually Albert might be right. Some versions of Apache use an internal keep alive pinger that issues a request without a host name. =20 The Core Rule Set have a specific exclusion for that, but this rule is probably not part of the Core Rule Set (no rule ID) and blocks this request. =20 In order to verify we will need the entire request as you can find in the audit log. =20 So in order to permit it: either use the core rule set instead of the rules you use or refer to Ryan's recent blog entry on creating exceptions http://www.modsecurity.org/blog/archives/2007/02/handling_false.html =20 ~ Ofer =20 =20 -----Original Message----- From: mod...@li... [mailto:mod- sec...@li...] On Behalf Of Christian Bockermann Sent: Monday, May 28, 2007 11:20 AM To: aewhale@ABS-CompTech.com Cc: mod...@li... Subject: Re: [mod-security-users] What is this? Can you please =20 explain? =20 Hi Albert! =20 In this case it is not the fact that it's the localhost, but a matter of a missing/empty Accept-Header in the request. Do you use the =20 core-rules =20 or any custom-made ruleset? =20 The core rules contain some checks that complain if an Accept-header =20 is =20 missing. This is a problem I observed with some RSS-clients for example. According to the RFC the Accept-header is optional. =20 Regards, Chris =20 =20 Am 28.05.2007 um 05:26 schrieb Albert E. Whale: =20 =20 Too me this appears to indicate that the localhost is not permitted to test the root level of the web Server. Why? =20 [Sun May 27 23:24:03 2007] [error] [client 127.0.0.1] mod_security: Access denied with code 500. Pattern match "^$" at HEADER("Accept") [severity "EMERGENCY"] [hostname "127.0.0.1"] [uri "/"] [unique_id "R9xVQH8AAAEAAAN2kzoAAAAF"] =20 Where can I permit this? =20 -- Albert E. Whale, CHS CISA CISSP Sr. Security, Network, Risk Assessment and Systems Consultant ABS Computer Technology, Inc. - Email, Internet and Security Consultants SPAMZapper - No-JunkMail.com - True Spam Elimination. =20 =20 --------------------------------------------------------------------- =20 - =20 --- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ mod-security-users mailing list mod...@li... =09 https://lists.sourceforge.net/lists/listinfo/mod-security-users =20 =20 =20 =20 ----------------------------------------------------------------------- =20 -- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users =20 =20 ------------------------------------------------------------------------ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users =20 =20 =20 --=20 Albert E. Whale, CHS CISA CISSP Sr. Security, Network, Risk Assessment and Systems Consultant ________________________________ ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, Internet and Security Consultants SPAMZapper <http://www.Spam-Zapper.com> - No-JunkMail.com <http://www.No-JunkMail.com> - True Spam Elimination.=20 |