And here we go again. It is obvious that I am the only one complaining about 960017 / 920350. So let's keep it in the default set of rules.
I have not heard support for the same policy with regards to 960015/920300. I take this as a confirmation for the idea to move this rule to the paranoia mode. Unless I hear a sudden cry, I will thus update the wiki with these decisions.

Ahoj,

Christian

On Tue, Feb 02, 2016 at 09:32:57AM +0100, Christian Folini wrote:
> Hello,
>
> The discussion on these two rules can be combined, I think.
>
> 2.2.X rule 960015 (3.0.0rc1 rule 920300) "Request Missing an
> Accept Header" is simple enough. Accept headers are mandatory,
> thus a client request lacking an accept header is illegal.
>
> The problem: A lack of accept headers is widespread and ModSecurity
> is not going to fix the internet. Instead, we are generating
> false positives and pester our clients (if we block them based on
> this rule triggering).
>
> Moving this false positives generator to the paranoia mode seems
> a good move. But your view might vary.
>
> With 960017 / 920350 (Host header is a numeric IP address),
> the situation is slightly different. We agree it is a frequent
> source of false positives, but Walter thinks it is not legitimate
> users that are affected, but mass scanners. In my experience
> it is load balancers and health checkers which fall into this
> category as well. And stopping scanners is possibly beyond the
> scope of a ModSec Core Rules vanilla install.
>
> So what do we do with this rule?
>
> Ahoj,
>
> Christian
>
> --
> mailto:christian.fol...@netnea.com
> http://www.christian-folini.ch
> twitter: @ChrFolini
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
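To illustrate the tuning question the thread settles on (920300 gated behind a higher paranoia level, 920350 kept in the default set), here is an added example that is not CRS code and not part of the list discussion: a small Python model of both checks run over constructed sample requests. The paranoia-level numbers, the header names and the sample traffic are assumptions made for the example.

```python
import ipaddress

# Paranoia level at which each rule becomes active. Assumption for this example,
# modelling the thread's decision: 920300 moves up (here to PL2), 920350 stays at PL1.
RULE_LEVELS = {920300: 2, 920350: 1}


def host_is_numeric_ip(host):
    """True if the Host header value is a bare IP literal (the 920350 condition).

    Accepts 'host:port' and bracketed IPv6 literals such as '[::1]:8080'.
    """
    h = host.strip()
    if h.startswith("["):                      # IPv6 literal, possibly with a port
        h = h[1:h.find("]")] if "]" in h else h[1:]
    elif h.count(":") == 1:                    # IPv4 (or hostname) with a port
        h = h.split(":")[0]
    try:
        ipaddress.ip_address(h)
        return True
    except ValueError:
        return False


def evaluate(headers, paranoia_level=1):
    """Return the rule IDs that fire for one request at the given paranoia level."""
    lower = {k.lower(): v for k, v in headers.items()}
    hits = []
    if paranoia_level >= RULE_LEVELS[920300] and "accept" not in lower:
        hits.append(920300)
    if paranoia_level >= RULE_LEVELS[920350] and host_is_numeric_ip(lower.get("host", "")):
        hits.append(920350)
    return hits


# Constructed sample traffic: a browser, a load-balancer health check that talks
# to the backend by IP, a client sending no Accept header, and an IPv6 probe.
SAMPLES = {
    "browser": {"Host": "www.example.com", "Accept": "text/html"},
    "health-check": {"Host": "10.0.0.5:8080", "User-Agent": "lb-probe"},
    "no-accept": {"Host": "www.example.com", "User-Agent": "curl/7.0"},
    "ipv6-probe": {"Host": "[2001:db8::1]:443", "Accept": "*/*"},
}


def summarize(level):
    """Map each sample name to the rules that fire at this paranoia level."""
    return {name: evaluate(h, level) for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for lvl in (1, 2):
        print(f"PL{lvl}:", summarize(lvl))
```

At PL1 only the IP-host checks fire (the health check and the IPv6 probe); raising to PL2 additionally flags every request lacking an Accept header, which is exactly the false-positive volume the thread wants out of the default set.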