[Modsecurity] Incomplete check in id:390080
Michael Shinn
mike at gotroot.com
Wed Aug 16 08:43:56 EDT 2006
Thanks for the report. I'll make the changes later today.
-----Original Message-----
From: modsecurity-bounces at gotroot.com
[mailto:modsecurity-bounces at gotroot.com] On Behalf Of Peter Pramberger
Sent: Wednesday, August 16, 2006 3:26 AM
To: modsecurity at gotroot.com
Subject: [Modsecurity] Incomplete check in id:390080
Hi all!
Today I noticed critical modsecurity errors in my apache log from rule id
390080 ("Checking for valid X-Forwarded header", jitp.conf), caused by our
own
web proxy.
It looks like the regexp in this rule checks only for one entry in
X-Forwarded-For, but I use proxy chaining where each web proxy in the chain
attaches its own entry to this header field, eg.
X-Forwarded-For: unknown, 1.2.3.4
Regards,
Peter
_______________________________________________
Modsecurity mailing list
Modsecurity at gotroot.com
http://lists.gotroot.com/mailman/listinfo/modsecurity
More information about the Modsecurity
mailing list