If you’re facing difficulties with modsecurity and see logs like these and you think they should be allowed.
[Tue Nov 25 23:32:36 2008] [error] [client 106.78.1.61] ModSecurity: Access denied with code 400 (phase 2). Match of “rx ^OPTIONS$” against “REQUEST_METHOD” required. [file "/optional_rules/modsecurity_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "www.netbackuphowto.com"] [uri "/ads.php"] [unique_id "oAIMD06rogtjw4jt"]
You need to add the following lines to your httpd.conf (or under your virtualhost directives)
<ifModule mod_security2.c>
SecRuleRemoveById 960015
</ifModule>
You can of course add more SecRuleRemoveById lines accourding to your needs.
Attention: This setting works site-wide…
Posted in 
Tags: 
Loading ...