Common Exception 905100 is broken


_Issue originally created by user dune73 on date 2017-04-15 05:22:54. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/734._

The rule reads:

SecRule REQUEST_LINE "@streq GET /" \

This will never trigger as the protocol is missing and @streq is used.

Using **beginsWith** and adding a space after the slash would fix it, BUT we would activate a common exception that would disable ModSec for GET requests from localhost to /, no matter what user-agent or referer or other funny tricks somebody is trying. So if an attacker manages to send a request from localhost …

905110 is similar (and works!)

I suggest we fix 905100 and comment it out.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 9

Top GitHub Comments

1 reaction
CRS-migration-bot commented, May 13, 2020

User ranvis commented on date 2017-05-21 15:33:01:

Hi. For the “internal dummy connection” to the HTTPS port, it was changed in Apache 2.2.24 / 2.4.3.

$ echo | telnet 127.0.0.1 20223 > /dev/null # Apache 2.2.23
Connection closed by foreign host.
$ tail logs/ssl_request_log
[22/May/2017:00:15:25 +0900] 127.0.0.1 - - "GET /" 474

$ echo | telnet 127.0.0.1 20224 > /dev/null # Apache 2.2.24
Connection closed by foreign host.
$ tail logs/ssl_request_log
[22/May/2017:00:19:58 +0900] 127.0.0.1 - - "GET / HTTP/1.0" 362

modules/ssl/ssl_engine_io.c of https://github.com/apache/httpd/commit/b67aec5ed5fcb8646a4e81f96625877c1345781f / https://github.com/apache/httpd/commit/7cf9ed008a52579b96741a6af95c7177dc1abd6a

 /* Just use a simple request.  Any request will work for this, because
  * we use a flag in the conn_rec->conn_vector now.  The fake request just
  * gets the request back to the Apache core so that a response can be sent.
- *
- * To avoid calling back for more data from the socket, use an HTTP/0.9
- * request, and tack on an EOS bucket.
+ * Since we use an HTTP/1.x request, we also have to inject the empty line
+ * that terminates the headers, or the core will read more data from the
+ * socket.
  */
 #define HTTP_ON_HTTPS_PORT \
-    "GET /" CRLF
+    "GET / HTTP/1.0" CRLF
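Review bot: the new comment block states that the empty line terminating the headers must also be injected, yet the visible part of HTTP_ON_HTTPS_PORT ends at `"GET / HTTP/1.0" CRLF` with only one CRLF. Confirm that the macro's continuation (not shown in this excerpt) appends the second CRLF, because without the blank line the core will keep reading from the socket, which is exactly the blocking condition the comment warns about.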

It used to return a 400 Bad Request response body without headers because of the HTTP/0.9 protocol. hth.
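To make the operator behaviour concrete, here is an added Python model (not code from the CRS project or from this thread) of how ModSecurity's `@streq` and `@beginsWith` compare against `REQUEST_LINE` for the dummy connection before and after the httpd change above, plus the localhost chain that dune73 describes. The request lines are constructed, and the assumption that `REQUEST_LINE` carries the raw line exactly as sent (no protocol for an HTTP/0.9 request) is mine. It also goes one step beyond the thread by showing that the proposed `GET / ` parameter, with its trailing space, no longer matches the pre-2.2.24 dummy request at all.

```python
# Added example: models ModSecurity operators on REQUEST_LINE. Not CRS code.
from typing import Callable, List


def streq(target: str, param: str) -> bool:
    """@streq: exact, case-sensitive equality with the whole target."""
    return target == param


def begins_with(target: str, param: str) -> bool:
    """@beginsWith: target starts with param (trailing space matters)."""
    return target.startswith(param)


# Constructed request lines, not captured traffic. The dummy-connection
# lines follow the two forms shown in the thread's ssl_request_log output.
REQUEST_LINES = {
    "dummy_apache_2.2.23": "GET /",             # HTTP/0.9 style, pre-2.2.24
    "dummy_apache_2.2.24": "GET / HTTP/1.0",    # after the httpd commit
    "browser_root": "GET / HTTP/1.1",           # any ordinary client hitting /
    "browser_deep": "GET /index.html HTTP/1.1",
    "post_root": "POST / HTTP/1.1",
}


def matching(operator: Callable[[str, str], bool], param: str) -> List[str]:
    """Names of the constructed request lines the operator/param pair matches."""
    return sorted(n for n, line in REQUEST_LINES.items() if operator(line, param))


def rule_905100_original() -> List[str]:
    """Rule as written in the issue: @streq "GET /" (only the 0.9 form can match)."""
    return matching(streq, "GET /")


def rule_905100_proposed() -> List[str]:
    """Proposed fix: @beginsWith "GET / " (matches every client's GET /)."""
    return matching(begins_with, "GET / ")


def exception_applies(remote_addr: str, request_line: str) -> bool:
    """Assumed chain from the thread: localhost AND the proposed request-line test.

    Shows the concern raised in the issue: the request line alone cannot tell
    the dummy connection from any other GET / sent from 127.0.0.1."""
    return remote_addr == "127.0.0.1" and begins_with(request_line, "GET / ")
```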

1 reaction
CRS-migration-bot commented, May 13, 2020

User emphazer commented on date 2017-04-18 18:15:56:

I think that makes sense. Shall I change my PR for 905100 to

 "**beginsWith** GET /\ " 

And comment it out?

