Hi guys. I do not understand why modsecurity removes stuff from my http-response-headers in detection mode? I am using nginx 1.6 and modsecurity 2.8.
Response headers:

Without modsecurity-module loaded:

HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Thu, 26 Jun 2014 07:04:31 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: PMLCID=XXXXXXXXXXXXXXXXXXXXXX; expires=Sat, 26-Jul-14 07:04:31 GMT;path=/; secure; HttpOnly
X-Server-Name: server22
P3P: CP="NON DSP CURa CUSa OUR NOR STA"
Content-Length: 13809

With modsecurity-module enabled but with "SecRuleEngine DetectionOnly":

HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Thu, 26 Jun 2014 07:07:47 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: PMLCID=XXXXXXXXXXXXXXXXXXXXXX; expires=Sat, 26-Jul-14 07:07:47 GMT;path=/; secure; HttpOnly
Content-Length: 13809

Regards
Søren Christian Aarup
DBA/System Administrator
LinkedIn: www.linkedin.com/in/aarup
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set