开发者

mod_security - access denied 406 for some IE visitors

Would anyone know why some visitors on our server are being blocked by the below mod_security rule when simply right-clicking a file (.doc, .gif, .pdf, etc.) on a site to download it? They seem to be all Windows/IE users.

Anything we can do short of commenting out the rule itself?

Thanks for any ideas.

# allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
  "phase:1,log,auditlog,msg:'Method is not allowed by policy',
severity:'2',id:'960032'"

I found this similar issue but with no resolution: IE Sending OPTIONS Request for File Downloads

Tha开发者_Python百科nks for any ideas.

Edit: I think we found the culprit. Here's an item from the log of the person who was blocked:

 - [10/Sep/2010:19:32:39 -0400] "PROPFIND
/dd_sitefiles/documents/logos/POC_logo_NationalE.gif HTTP/1.1" 406
5636 "-" "Microsoft-WebDAV-MiniRedir/6.1.7600"

Since PROPFIND is not included in our request methods, it's generating the 406 error. So the follow-up question would be - should we just add that to the rule? What are the security implications? Is there something we can add to prevent issues around "DavDepthInfinity" as described here, or is this a lot of worry for little potential risk? http://httpd.apache.org/docs/2.0/mod/mod_dav.html#davdepthinfinity

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜