Hi,
after downloading
SpiderLabs-owasp-modsecurity-crs-2.2.9-30-g520a94b.tar.gz I just compared
the changed rules with those used on "my" server. One rule that I have
commented out but that still exists unchanged is rule 958291 in
base_rules/modsecurity_crs_20_protocol_violations.conf.
That rule is commented with
# 1. Range Header exists and begins with 0 - normal browsers don't do this.
# Automated programs and bots often do not obey the HTTP RFC
#
# -=[ Rule Logic ]=-
# This rule inspects the Range request header to see if it starts with 0.
#
# -=[ References ]=-
# http://www.bad-behavior.ioerror.us/documentation/how-it-works/
But I do not really understand that, since at least
https://tools.ietf.org/html/rfc7233
seems to allow it:
2.1. Byte Ranges
[...]
Examples of byte-ranges-specifier values:
o The first 500 bytes (byte offsets 0-499, inclusive):
bytes=0-499
Maybe a pure "bytes=0-" is meant, but the rule also seems to match
"bytes=0-last-byte-pos".
Additionally, the referenced URL
http://www.bad-behavior.ioerror.us/documentation/how-it-works/
does not (or no longer) exist.
Regards
Jens
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
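As an added example (not from the post above or from the CRS project): a parser for RFC 7233 byte-range specifiers, plus two checks that separate the broad "Range begins at 0" condition stated in the rule's comment from the narrower whole-resource "bytes=0-" case the post suggests was intended. The rule's actual regex is not quoted in the post, so `begins_at_zero` is an assumption about its intent, and all sample header values are constructed.

```python
import re

# Grammar from RFC 7233 section 2.1 (bytes-unit only):
#   byte-ranges-specifier  = "bytes=" byte-range-set
#   byte-range-set         = 1#( byte-range-spec / suffix-byte-range-spec )
#   byte-range-spec        = first-byte-pos "-" [ last-byte-pos ]
#   suffix-byte-range-spec = "-" suffix-length
_RANGE_SPEC = re.compile(r"^(\d+)-(\d*)$")
_SUFFIX_SPEC = re.compile(r"^-(\d+)$")


def parse_byte_ranges(header_value):
    """Parse a Range header value into a list of (first, last) tuples.

    last is None for an open-ended range ("500-"); first is None for a
    suffix range ("-500", i.e. the final 500 bytes).  Returns None when
    the value is not a syntactically valid bytes range per RFC 7233.
    """
    value = header_value.strip()
    if not value.lower().startswith("bytes="):
        return None
    ranges = []
    for spec in value[len("bytes="):].split(","):
        spec = spec.strip()
        m = _RANGE_SPEC.match(spec)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else None
            if last is not None and last < first:
                return None  # RFC 7233: last-byte-pos < first-byte-pos is invalid
            ranges.append((first, last))
            continue
        m = _SUFFIX_SPEC.match(spec)
        if m:
            ranges.append((None, int(m.group(1))))
            continue
        return None  # anything else is not a byte-range-set
    return ranges or None


def begins_at_zero(header_value):
    """Assumed reading of the rule comment: the first byte-range-spec
    starts at offset 0, which also matches "bytes=0-499" (RFC 7233 example)."""
    ranges = parse_byte_ranges(header_value)
    return bool(ranges) and ranges[0][0] == 0


def is_whole_resource_from_zero(header_value):
    """Narrower case the post suggests was meant: a single open-ended
    "bytes=0-", which asks for the entire resource as a range."""
    return parse_byte_ranges(header_value) == [(0, None)]
```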