Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#15381] - Troubles with update servers with mod_security enabled

?
avatar Dade88
Dade88
18 Apr 2017

Mod_security is blocking xml files for updates servers because User Agent Header is missing.

Here is a sample of my Apache's log:

[Sun Apr 16 13:57:13 2017] [error] [client X] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "tilellit.pro"] [uri "/dev/joomla/[removed].xml"] [unique_id "WPNcGQoAQSEAABerhgkAAAK1"]

avatar Dade88 Dade88 - open - 18 Apr 2017
avatar joomla-cms-bot joomla-cms-bot - change - 18 Apr 2017
Labels Added: ?
avatar joomla-cms-bot joomla-cms-bot - labeled - 18 Apr 2017
avatar Dade88 Dade88 - change - 18 Apr 2017
The description was changed
avatar Dade88 Dade88 - edited - 18 Apr 2017
avatar Webdongle
Webdongle - comment - 18 Apr 2017

Thread in the forum https://forum.joomla.org/viewtopic.php?f=715&t=949262

avatar zero-24
zero-24 - comment - 18 Apr 2017

Confirmed i'm taking care of that. Now we need to finde a creative useragent ?

avatar zero-24
zero-24 - comment - 18 Apr 2017

Please test #15385 looks like we have a api for the useragent ?

avatar zero-24 zero-24 - change - 18 Apr 2017
Status New Closed
Closed_Date 0000-00-00 00:00:00 2017-04-18 15:52:34
Closed_By zero-24
avatar zero-24 zero-24 - close - 18 Apr 2017
avatar Dade88
Dade88 - comment - 18 Apr 2017

Test answer at #15385. Thx!

Add a Comment

Login with GitHub to post a comment