5 May 07:41
Re: HTTP 413,417 instead of 400?
From: Vinci <vinci.wong <at> polyu.edu.hk>
Subject: Re: HTTP 413,417 instead of 400?
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-05 05:41:49 GMT
Subject: Re: HTTP 413,417 instead of 400?
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-05 05:41:49 GMT
Dear Ryan, (Sorry reply to my replying mail directly) Thank you for your kindly reply. I am using apache2-mpm-worker 2.2.4, the latest mod_security. All the setting except path I am using the default value. I have read the thread, just want some clarification: If I see the thing like "Apache Error:..... Invalid Content-Length", that means apache throw out the error and skip the rest of the mod_security? Also I didn't see the line "Message: Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)", But "Message: Access denied with code 400 (phase 2). Match of "rx ^\\d+$" against "REQUEST_HEADERS:Content-Length" required. [id "960016"] [msg "Content-Length HTTP header is not numeric"] [severity "CRITICAL"]" only. I will go to double check the log. (Or did my Debug or Log level is too low in order to see the message?) Thank you, Vic 2008/5/5 Ryan Barnett <Ryan.Barnett <at> breach.com>: > What versions of Apache and ModSecurity are you using? As reference, > you can also look at this previous thread on this topic - > http://thread.gmane.org/gmane.comp.apache.mod-security.user/3286/focus=3 > 300 > > -Ryan > > > > > -----Original Message----- > > From: mod-security-users-bounces <at> lists.sourceforge.net [mailto:mod- > > security-users-bounces <at> lists.sourceforge.net] On Behalf Of Vinci > > Sent: Sunday, May 04, 2008 12:50 PM > > To: mod-security-users <at> lists.sourceforge.net > > Subject: [mod-security-users] HTTP 413,417 instead of 400? > > > > Hi all, > > > > I am trying to testing my server ability with the mod_security. > > While testing, I found double Content-Length will give me http 413 > > instead of http 400, which I found in both access log and audit log; > > but the browser give me http 413 > > (This appear in another server as well) > > > > Also, same condition appear in Expect attack, 417 received instead of > > 400, which I trying to insert javascript code in the Expect header > > field. > > > > Can anybody give me explanation? I am using the default rule set with > > default setting only. > > > > Thank you, > > Vic > > > > > ------------------------------------------------------------------------ > - > > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > > Don't miss this year's exciting event. There's still time to save > $100. > > Use priority code J8TL2D2. > > > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/j > av > > aone > > _______________________________________________ > > mod-security-users mailing list > > mod-security-users <at> lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
RSS Feed