On 01/06/2012 10:23 AM, Szőts Ákos wrote:
No, I don't think so; ModSecurity just get triggered because something in the error_log. "As to the OPTIONS * request failing - make sure there are no hidden rewrite rules or other URI mangling going on." Thank you for the tip. Is there any (easy) way to debug which rewrite rules were applied to a query? The server is in use, so unfortunately I cannot
Enable the rewritelog and see what it says: RewriteLog /some/location RewriteLogLevel 1If RewriteLogLevel 1 does not show you what you need to see, increase it until you do see something, but I would advise you not to run at a high loglevel for long on a production system, as it will cause a massive performance hit.
turn on/off the rules randomly.
Ákos
2012. január 5. 13:49:30 dátummal Igor Cicimov ezt írta:
[error] [client 194.38.104.110] ModSecurity: Warning. String match "Invalid
URI in request" at WEBSERVER_ERROR_LOG. ModSecurity? Protection against
using * in the URI?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See<URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- J. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|