Hi Folks, I'm just getting started experimenting with the CRS, so I'm going to have a bunch of questions about some of the default rules.
Here's the first: I can't spot a problem in the requested URI. (In fact, it looks typical to me.) Can you help me figure out what's triggering the warning? Thanks, Jamie --aa2d203d-A-- [20/Mar/2014:10:55:14 --0400] UysBUn8AAQEAACbzCEMAAAAK 127.0.0.1 53771 127.0.0.1 443 --aa2d203d-B-- GET / HTTP/1.1 Host: local.mysite.info Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36 Referer: https://local.mysite.info/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Cookie: USERID=; USERHASH=; ORIGINALURLTOKEN=967683ED%2DD2D8%2D4EFB%2D8EA1F7D5E610EA74; MOBILEFORMAT=false; CFID=155102; CFTOKEN=61883191; CFAUTHORIZATION_cfadmin=YWRtaW4NNkFBQTRCN0IzNDQ4NTRFQzg0RDQzNEVBNjBDMkE1NDI1Qjk3QTQxQw1jZmFkbWlu; CFADMIN_LASTPAGE_ADMIN=%2FCFIDE%2Fadministrator%2Fdebugging%2Findex%2Ecfm; JSESSIONID=9830fde5266a22573ad64313382327227d5d; __utma=182783035.782843501.1395323759.1395323759.1395326921.2; __utmb=182783035.3.10.1395326921; __utmc=182783035; __utmz=182783035.1395323759.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) --aa2d203d-F-- HTTP/1.1 200 OK Content-Language: en-US Vary: Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --aa2d203d-E-- <snip> --aa2d203d-H-- Message: Warning. String match "Invalid URI in request" at WEBSERVER_ERROR_LOG. [file "/etc/modsecurity/activated_rules/modsecurity_crs_20_protocol_violations.conf"] [line "82"] [id "981227"] [rev "1"] [msg "Apache Error: Invalid URI in Request."] [data "GET / HTTP/1.1"] [severity "WARNING"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] Apache-Error: [file "core.c"] [line 3558] [level 3] Invalid URI in request GET / HTTP/1.1, referer: https://local.mysite.info/ Apache-Handler: jrun-handler Stopwatch: 1395327314069020 371594 (- - -) Stopwatch2: 1395327314069020 371594; combined=23196, p1=524, p2=11283, p3=38, p4=10878, p5=467, sr=154, sw=6, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.6.6 (http://www.modsecurity.org/); OWASP_CRS/2.2.9. Server: Apache/2.2.22 (Ubuntu) WebApp-Info: "default" "-" "" --aa2d203d-Z--
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
