I also needed to set ServerTokens from Prod to Full in /etc/apache2/apache2.conf
And I have some problems after enabling mod_security2:
- HTTP 501/HTTP 505 response when editing a record in PMA
- HTTP 400 response when using my IP address instead of my main domain.
(before I always saw the ISPCP login)
I see many entries like this in /var/log/apache2/error.log:
Code:
[Sun Apr 20 20:40:08 2008] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/modsecurity2/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "localhost"] [uri "/watch-list"] [unique_id "T-tpl1GpgkIAAD@pFY4AAAAA"]
[Sun Apr 20 20:40:08 2008] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity2/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "localhost"] [uri "/watch-list"] [unique_id "T-tpl1GpgkIAAD@pFY4AAAAA"]
I think it's the munin/monit daemon checking 127.0.0.1 for the apache service.
How can I allow it for 127.0.0.1 only? I don't want to uncomment the whole rule.
I also get an error 500 when browsing my SVN with Tortoise.
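
An added example, not part of the original post: a small parser for the ModSecurity lines in the Apache error.log format quoted above, which counts rule hits per client and lists the rule ids that fired only for the local monitoring address, the candidates for a narrowly scoped exclusion. The sample lines are constructed (192.0.2.10 is a documentation address) and the function names are hypothetical.

```python
import re
from collections import Counter

CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')
# ModSecurity metadata has the form [key "value"], e.g. [id "960015"].
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample lines in the same format as the log excerpt in the post.
SAMPLE_LOG = r'''
[Sun Apr 20 20:40:08 2008] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/modsecurity2/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [uri "/watch-list"]
[Sun Apr 20 20:40:08 2008] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity2/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [uri "/watch-list"]
[Sun Apr 20 20:45:08 2008] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/modsecurity2/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [uri "/watch-list"]
[Sun Apr 20 20:46:11 2008] [error] [client 192.0.2.10] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/modsecurity2/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [uri "/index.php"]
[Sun Apr 20 20:47:00 2008] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
'''

def parse_line(line):
    """Return the client and ModSecurity fields of one log line, or None."""
    if "ModSecurity:" not in line:
        return None  # ordinary Apache error, not a rule hit
    client = CLIENT_RE.search(line)
    if client is None:
        return None
    event = dict(FIELD_RE.findall(line))
    event["client"] = client.group(1)
    return event if "id" in event else None

def rules_by_client(log_text):
    """Count rule hits per (client address, rule id)."""
    hits = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            hits[(event["client"], event["id"])] += 1
    return hits

def local_only_ids(log_text, local="127.0.0.1"):
    """Rule ids that fired for the local client and for no other client."""
    hits = rules_by_client(log_text)
    local_ids = {rid for (client, rid) in hits if client == local}
    remote_ids = {rid for (client, rid) in hits if client != local}
    return sorted(local_ids - remote_ids)

if __name__ == "__main__":
    for (client, rid), count in sorted(rules_by_client(SAMPLE_LOG).items()):
        print(client, rid, count)
    print("fired only for local client:", local_only_ids(SAMPLE_LOG))
```

A rule id that also fires for remote clients (960015 in the sample) is flagging real traffic as well, so any exception for it should stay limited to the monitoring source rather than disabling the rule.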