[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cannot Register Mirror when Apache mod_security is enabled

Hi,

Just out of curiosity, why do you need mod_security enabled on a mirror server?

You can also whitelist rule 960015 if required.

Regards,
Matthew.

On 10/06/2015 18:26, Francis Roda wrote:
I tried to register our mirror in Philippines but when I tried to click the submit button it displays:

The following entries were submitted:

Submission-Type: new

Site: mirror.rise.as
Type: leaf
Archive-architecture: ALL amd64 armel armhf hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390x sparc 
Archive-ftp: /debian/
Archive-http: /debian/

A proper project/trace directory was not found on the HTTP server (under /debian/).

The trace directory needs to be fully synced from upstream, and need a local tracefile named after the site name.

The error message returned was: 403 Forbidden

Please have a look at the documentation.

If you don't understand this error message, please contact us.

Entry not submitted!


The Apache mod_security was enabled. Below was the error log:

[Wed Jun 10 16:07:33 2015] [error] [client 82.195.75.65] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "mirror.rise.as"] [uri "/debian/project/trace/ftp-master.debian.org"] [unique_id "VXfwRSviBkoAAHFYkxAAAAAJ"]
[Wed Jun 10 16:07:34 2015] [error] [client 82.195.75.65] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "mirror.rise.as"] [uri "/debian/project/trace/mirror.rise.as"] [unique_id "VXfwRiviBkoAAHFakxYAAAAL"]

 
How can I register our mirror site with mod_security enabled?

Reply to: