[error] [client 194.38.104.110] ModSecurity: Warning. String match "Invalid
URI in request" at WEBSERVER_ERROR_LOG.

ModSecurity? Protection against using * in the URI?

On Thu, Jan 5, 2012 at 6:17 AM, Jeroen Geilman <jer...@adaptr.nl> wrote:

>  On 01/04/2012 12:36 PM, Szőts Ákos wrote:
>
>> Hi All,
>>
>> There's a frequent error message in my Apache error_log (v2.2.21 under
>> openSUSE 12.1):
>> "Invalid URI in request OPTIONS * HTTP/1.0"
>>
>> I know this is an internal dummy connection to test if the server is alive
>> or not. But every time, Apache tries to connect to itself, it writes
>> instead of the error log.
>>
>> Here is the full request:
>> OPTIONS * HTTP/1.0
>> User-Agent: Apache (internal dummy connection)
>>
>> Response:
>> HTTP/1.1 400 Bad Request
>> Vary: accept-language,accept-charset,User-Agent
>> Accept-Ranges: bytes
>> Connection: close
>> Content-Type: text/html; charset=iso-8859-1
>> Content-Language: en
>> Expires: Tue, 03 Jan 2012 19:31:04 GMT
>>
>> Here is the full "debug" log:
>> [error] [client 194.38.104.110] Invalid URI in request OPTIONS * HTTP/1.0
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [debug] mod_headers.c(756): headers: ap_headers_output_filter()
>> [error] [client 194.38.104.110] ModSecurity: Warning. String match
>> "Invalid
>> URI in request" at WEBSERVER_ERROR_LOG.
>>
>> I tried to telnet to my server on port 80, and when I write "OPTIONS *", I
>> get a 400 error, but when I write "OPTIONS /", I got 200 OK.
>> RFC says the * is acceptable, so I don't understand why the error.
>>
>>
> An internal dummy connection will originate from localhost (127.0.0.1),
> not 194.138.104.110:
>
>
>        [error] [client 194.38.104.110] ModSecurity: Warning. String match
> "Invalid URI in request" at WEBSERVER_ERROR_LOG.
>
>
> As to the OPTIONS * request failing - make sure there are no hidden
> rewrite rules or other URI mangling going on.
>
>
>
> --
> J.
>

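Added example, not part of the original thread and not Apache or ModSecurity code: a log triage script for the check suggested in the reply above, separating "Invalid URI in request OPTIONS *" entries whose client is a loopback address from those that are not. It assumes the Apache 2.2 error_log line shape quoted in the thread; the function names and the sample lines (timestamps and loopback entries) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache 2.2 error_log shape seen in the thread: "[level] [client ADDR] message"
LINE_RE = re.compile(r"\[(?P<level>\w+)\] \[client (?P<client>[^\]]+)\] (?P<msg>.*)")
# Only the core server message; the ModSecurity line that echoes it is skipped.
OPTIONS_STAR_RE = re.compile(r"^Invalid URI in request OPTIONS \* HTTP/\d\.\d")

def classify(line):
    """Return (client, origin) for an 'OPTIONS *' rejection line, else None."""
    m = LINE_RE.search(line)
    if not m or not OPTIONS_STAR_RE.match(m.group("msg")):
        return None
    client = m.group("client")
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return (client, "unparsed")  # e.g. a hostname or an addr:port form
    # Treat IPv4-mapped IPv6 (::ffff:127.0.0.1) as its IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (str(ip), "loopback" if ip.is_loopback else "non-loopback")

def summarize(lines):
    """Count 'OPTIONS *' rejections per (client, origin)."""
    return Counter(r for r in map(classify, lines) if r is not None)

# Constructed sample input: the two [error] messages are the ones quoted in the
# thread; timestamps and the loopback entries are made up for the example.
SAMPLE = [
    '[Tue Jan 03 19:31:04 2012] [error] [client 194.38.104.110] Invalid URI in request OPTIONS * HTTP/1.0',
    '[Tue Jan 03 19:31:04 2012] [error] [client 194.38.104.110] ModSecurity: Warning. String match "Invalid URI in request" at WEBSERVER_ERROR_LOG.',
    '[Tue Jan 03 19:31:09 2012] [error] [client 127.0.0.1] Invalid URI in request OPTIONS * HTTP/1.0',
    '[Tue Jan 03 19:31:12 2012] [error] [client ::1] Invalid URI in request OPTIONS * HTTP/1.0',
    '[Tue Jan 03 19:31:15 2012] [error] [client ::ffff:127.0.0.1] Invalid URI in request OPTIONS * HTTP/1.0',
    '[Tue Jan 03 19:31:20 2012] [error] [client 194.38.104.110] Invalid URI in request OPTIONS * HTTP/1.0',
]

if __name__ == "__main__":
    for (client, origin), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {origin:12s}  {client}")
```
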