Skip to content

Non standard compliant HTTP response status code in modsecurity.conf-recommended #665

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
derhansen opened this issue Feb 25, 2014 · 1 comment
Closed

Non standard compliant HTTP response status code in modsecurity.conf-recommended #665

derhansen opened this issue Feb 25, 2014 · 1 comment
Milestone
v2.8.0-RC1

Comments

@derhansen
Copy link
Contributor

The file modsecurity.conf-recommended contains a rule which returns the HTTP response status code 44 .

SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200002',phase:2,t:none,log,deny,status:44, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

AFAIK HTTP response status codes should always have 3 digits. I also could'nt find something about a status code 44 in the official registry of HTTP status codes

I would recommend to change the response status code to 400 which is more clear, as the request body seems to be faulty.
derhansen added a commit to derhansen/ModSecurity that referenced this issue Feb 25, 2014
@derhansen
Update status code for rule 200002
ab9aede 
Removed the non standard compliant HTTP response status code 44 and replaced it with a 400 response status code. Refs owasp-modsecurity#665
@derhansen derhansen mentioned this issue Feb 25, 2014
Merged
@zimmerle
Copy link
Contributor

zimmerle commented Mar 5, 2014

@derhansen Pull request merged. thanks.

@zimmerle zimmerle closed this as completed Mar 5, 2014
@zimmerle zimmerle added this to the testing milestones milestone Mar 27, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.8.0-RC1
Development

No branches or pull requests
2 participants
@zimmerle @derhansen