Hi Ryan,
Thanks, I tried the simple SecRule below:
SecRule REQUEST_HEADERS:User-Agent "Google_Analytics_Content_Experiments" "log,allow"
Can you refer me to the correct method to do it?
Saneesh.
On 17-04-2013 18:20, Ryan Barnett wrote:
Saneesh,
You should be able to do an exception for this. What was your exception that
you tried?
-Ryan
________________________________________
From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org
[owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] on behalf of SANEESH
[sanee...@scigenom.com]
Sent: Wednesday, April 17, 2013 8:32 AM
To: owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] Mod_Security Blocks
Google_Analytics_Content_Experiments
Hi,
I am trying to integrate Google_Analytics_Content_Experiments into my web pages. When trying the
Analytic test, I am getting "We encountered an error while trying to connect to the server with
your web pages (HTTP status: 403)". I found this is because mod_security is blocking the
request. Please check the log below for more details. I tried to add an exception for
"User-Agent: Google_Analytics_Content_Experiments", but no luck. Please help.
Log:
[17/Apr/2013:07:26:18 --0400] wSzSgUDPmqEAABafQXYAAAAA 74.125.186.151 54656
64.207.154.161 80
--e29d6a3c-B--
GET /pro-membership2 HTTP/1.1
User-Agent: Google_Analytics_Content_Experiments
(http://support.google.com/analytics/bin/answer.py?topic=1745208&answer=1665377)
Host:www.test.com
Accept-Encoding: gzip
--e29d6a3c-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 25 May 2011 01:34:04 GMT
ETag: "1c00603-3c2-4a40fb3273b00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 553
Connection: close
Content-Type: text/html
--e29d6a3c-H--
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file
"/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg
"Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Action: Intercepted (phase 2)
Stopwatch: 1366197978059393 1535 (- - -)
Stopwatch2: 1366197978059393 1535; combined=388, p1=262, p2=86, p3=0, p4=0,
p5=40, sr=99, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.6.8 (http://www.modsecurity.org/);
OWASP_CRS/2.2.5.
Server: Apache
Rgrds,
Saneesh C.
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
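
Added example (not part of the original messages, and not code from ModSecurity or the CRS project): a Python reader for the "Message:" line of the audit-log H section quoted in this thread, which identifies the rule that denied the request and then builds an exception limited to that rule and User-Agent. The function names and the exception id 1000001 are assumptions; `ctl:ruleRemoveById` and `@contains` are standard ModSecurity 2.x features.

```python
import re

# Constructed sample: the "Message:" line from the audit log section H quoted
# in this thread, joined back onto a single line.
SAMPLE_H = (
    'Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at '
    'REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/activated_rules/'
    'modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] '
    '[rev "2.2.5"] [msg "Request Missing an Accept Header"] '
    '[severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] '
    '[tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]\n'
)

META = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
DENIED = re.compile(r'Access denied with code (\d+) \(phase (\d)\)')


def blocking_rules(section_h):
    """Return one dict per 'Message:' line that actually denied the request."""
    hits = []
    for line in section_h.splitlines():
        if not line.startswith("Message:"):
            continue
        denied = DENIED.search(line)
        if not denied:
            continue  # warning-only match, the request was not intercepted
        meta = {"tags": []}
        for key, value in META.findall(line):
            if key == "tag":
                meta["tags"].append(value)
            else:
                meta[key] = value
        meta.update(status=int(denied[1]), phase=int(denied[2]))
        hits.append(meta)
    return hits


def scoped_exception(rule_id, user_agent, exception_id=1000001):
    """Build a phase-1 rule that removes only rule_id for one User-Agent.
    exception_id is a hypothetical local id; pick one unused on your server."""
    if not rule_id.isdigit() or not re.fullmatch(r"[\w.\-]+", user_agent):
        raise ValueError("rule id or User-Agent token unsafe to embed in a rule")
    return ('SecRule REQUEST_HEADERS:User-Agent "@contains %s" '
            '"phase:1,id:%d,t:none,nolog,pass,ctl:ruleRemoveById=%s"'
            % (user_agent, exception_id, rule_id))


if __name__ == "__main__":
    for hit in blocking_rules(SAMPLE_H):
        print(hit["id"], hit["msg"])
        print(scoped_exception(hit["id"], "Google_Analytics_Content_Experiments"))
```

Because the User-Agent header is set by the client, the generated exception removes a single rule for matching requests instead of using `allow`, which would skip the remaining rules for any client sending that string.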