Thread: [mod-security-users] mod_security-message: ... error code 104

Brought to you by: victorhora, zimmerletw

mod-security-users

[mod-security-users] mod_security-message: ... error code 104

From: Roger R. <ro...@ma...> - 2006-07-11 07:19:56

Hello there!

I've got problems with only 1 user using a php-fileupload script. 

Audit-log:

mod_security-message: Access denied with code 500. Error reading request
body, error code 104: Connection reset by peer [severity "EMERGENCY"]
mod_security-action: 500

28
[POST payload not available]

How can I help him?

(me using apache 2.0 and mod_security (how can I find the mod-version?) on
debian sarge)

Thanks!
Regards, Roger.

Re: [mod-security-users] mod_security-message: ... error code 104

From: Ivan R. <iva...@gm...> - 2006-07-11 08:39:38

On 7/11/06, Roger Rehnelt <ro...@ma...> wrote:
> Hello there!
>
> I've got problems with only 1 user using a php-fileupload script.
>
> Audit-log:
>
> mod_security-message: Access denied with code 500. Error reading request
> body, error code 104: Connection reset by peer [severity "EMERGENCY"]
> mod_security-action: 500
>
> 28
> [POST payload not available]
>
> How can I help him?

That does not appear to be a mod_security problem. The message says
the client simply went away and that probably means he has a bad
Internet connection.


> how can I find the mod-version?

It should be in the error log near the Apache startup time.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

Re: [mod-security-users] mod_security-message: ... error code 104

From: Roger R. <ro...@ma...> - 2006-07-11 09:07:39

> That does not appear to be a mod_security problem. The message says
> the client simply went away and that probably means he has a bad
> Internet connection.

But why can i find the logentry above in the audit.log?

> It should be in the error log near the Apache startup time.

Ah, thanks. It's 1.9.4

Re: [mod-security-users] mod_security-message: ... error code 104

From: Ivan R. <iva...@gm...> - 2006-07-11 13:49:01

On 7/11/06, Roger Rehnelt <ro...@ma...> wrote:
> > That does not appear to be a mod_security problem. The message says
> > the client simply went away and that probably means he has a bad
> > Internet connection.
>
> But why can i find the logentry above in the audit.log?

Because it's not always possible for ModSecurity to figure out the
nature of a problem. Therefore I made it to block entries whenever
something overly suspicious takes place. It's better to be safe than
sorry.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall