You are not logged in.
I am receiving the following error in my logs:
ModSecurity: Access denied with code 501 (phase 1). Match of "rx (?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-Type" required. [id "960010"] [msg "Request content encoding is not allowed by policy"] [severity "WARNING"] [hostname "www.removedforthispost.com"] [uri "/xinha/plugins/Linker/scan.php"] [unique_id "YqvhQMCoAQEAAA@J11YAAAAD"]
I am using an out of the box installation of ModSecurity.
Your products are fantastic. This is the first error I've had that's caused any aggrevation.
Thanks
Offline
From the modsecurity configuration files
# TODO Most applications support only two encodings for request bodies
# because that is all browsers know how to produce. If you are using
# automated tools to talk to the application you may be using other
# content types and would want to change the list of supported encodings.
#
# Note though that ModSecurity parses only three content encodings:
# application/x-www-form-urlencoded, multipart/form-data request and
# text/xml. The protection provided for any other type of encoding is
# inferior.
SecRule REQUEST_METHOD "!^(?:get|head|propfind|options)$" \
"chain, t:lowercase, deny,log,auditlog,status:501,msg:'Request content encoding is not allowed by policy',id:'960010',severity:'4'"
SecRule REQUEST_HEADERS:Content-Type "!(?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)"
Offline
Please see http://xinha.python-hosting.com/ticket/1028
Offline