Thread: [mod-security-users] mod_security WSDL issue?
From: David B. <dcb...@ya...> - 2009-06-26 16:53:22
Hi,

I've been working with mod_security and it's been running fine except when dealing with soap and specifically wsdl. If I'm just using soap, I don't have an issue, but if wsdl is used, I get 401 Unauthorized errors.

mod_security's logs all report rules that either "pass" or "SkipAfter" and nothing that appears to outright reject anything. I've been banging on this for hours and I just can't figure out how to get the wsdl through mod_security.

Does mod_security have issues with wsdl? Does it mangle part of the request? I would think it wouldn't alter a request at all. It would either let it pass, or discard it.

I've had these issues with using a URL in a browser window and also with Ruby's SOAP4R soap library.

Thanks,

Dave
From: Brian R. <Bri...@br...> - 2009-06-26 17:09:48
David Brown wrote:
> Hi,
>
> I've been working with mod_security and it's been running fine except
> when dealing with soap and specifically wsdl. If I'm just using soap, I
> don't have an issue, but if wsdl is used, I get 401 Unauthorized errors.
>
> mod_security's logs all report rules that either "pass" or "SkipAfter"
> and nothing that appears to outright reject anything. I've been
> banging on this for hours and I just can't figure out how to get the
> wsdl through mod_security.
>
> Does mod_security have issues with wsdl? Does it mangle part of the
> request? I would think it wouldn't alter a request at all. It would
> either let it pass, or discard it.
>
> I've had these issues with using a URL in a browser window and also with
> Ruby's SOAP4R soap library.

Please send the full (sanitized) audit log so we can take a look. Are you sure it is modsecurity and not just a normal 401 that modsecurity is just logging because of SecAuditLogRelevantStatus?

-B

--
Brian Rectanus
Breach Security
From: Brian R. <Bri...@br...> - 2009-06-26 18:19:24
David Brown wrote:
> Hi,
>
> I've been working with mod_security and it's been running fine except
> when dealing with soap and specifically wsdl. If I'm just using soap, I
> don't have an issue, but if wsdl is used, I get 401 Unauthorized errors.
>
> mod_security's logs all report rules that either "pass" or "SkipAfter"
> and nothing that appears to outright reject anything. I've been
> banging on this for hours and I just can't figure out how to get the
> wsdl through mod_security.
>
> Does mod_security have issues with wsdl? Does it mangle part of the
> request? I would think it wouldn't alter a request at all. It would
> either let it pass, or discard it.
>
> I've had these issues with using a URL in a browser window and also with
> Ruby's SOAP4R soap library.
>
> Thanks,
>
> Dave
>

From your audit log (from another email):

    HTTP/1.1 401 Unauthorized
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 365
    Keep-Alive: timeout=15, max=1024
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1

The WWW-Authentication header is missing, so the UA does not realize it needs to try to do an auth. Given your handler:

    Apache-Handler: jakarta-servlet

Looks like you may be hitting this (bug in mod_jk):

https://www.modsecurity.org/tracker/browse/MODSEC-16

-B

--
Brian Rectanus
Breach Security
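
Added example, not part of the original thread and not ModSecurity project code: the check made above by reading the audit log, done in Python over a serial audit log. It flags 401 responses whose response-header section (F) carries no WWW-Authenticate header and reports the Apache-Handler recorded in section H. The sample entries, request paths and function names are constructed for illustration.

```python
import re

# Constructed, abbreviated two-entry sample in serial audit-log layout (not from the thread).
SAMPLE_LOG = """\
--1a2b3c4d-B--
GET /services/Example?wsdl HTTP/1.1
--1a2b3c4d-F--
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=iso-8859-1
--1a2b3c4d-H--
Apache-Handler: jakarta-servlet
--1a2b3c4d-Z--
--5e6f7a8b-B--
GET /private/ HTTP/1.1
--5e6f7a8b-F--
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="constructed"
--5e6f7a8b-Z--
"""

# Section boundary: --<hex id>-<section letter>--
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")

def parse_entries(text):
    """Yield one {section letter: [lines]} dict per entry; Z closes an entry."""
    entry, section = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line.strip())
        if not m:
            if section:
                entry[section].append(line)
        elif m.group(2) == "Z":
            yield entry
            entry, section = {}, None
        else:
            section = m.group(2)
            entry[section] = []

def find_401_without_challenge(text):
    """Return (request line, Apache handler) for each 401 lacking WWW-Authenticate."""
    findings = []
    for entry in parse_entries(text):
        resp = entry.get("F") or [""]
        # Header names are case-insensitive; skip blank and non-header lines.
        names = {l.split(":", 1)[0].strip().lower() for l in resp[1:] if ":" in l}
        if re.match(r"HTTP/\d\.\d 401\b", resp[0]) and "www-authenticate" not in names:
            handler = [l.split(":", 1)[1].strip() for l in entry.get("H", [])
                       if l.lower().startswith("apache-handler:")]
            findings.append(((entry.get("B") or ["?"])[0], handler[0] if handler else None))
    return findings
```

Section F is only present when the configured audit log parts include it, so an empty result on a log without F sections says nothing about the responses.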