Hi all, The ability to extend the option httpchk <version> argument string to dummy up a Host header is described as a 'trick' in the configuration documentation. I have found that the 'trick' can be extended to add User-Agent (HAProxy) and Accept (*/*) headers to keep ModSecurity quiet when checking an Apache server. This leads me to two questions:
(1) To what level is this 'trick' supported? Is an haproxy update likely to kill it? (2) Is there a better way of handling something like ModSecurity that doesn't like the request generated by haproxy because it doesn't look like it has come from a browser? Note that in respect to question (2) I have messed around a bit with the ModeSecurity configuration and made some progress but the use of the 'trick' was far simpler! Cheers, Andrew
