Apache 2.2 running as a reverse-proxy with another Apache 2.2 host and then a DB on the end. This is an AWS setup so the design is basically; load-balancer, pair of reverse proxies, pair of web hosts, database on the backend.
I'm using a basic user-agent test to ensure at least basic function of mod_sec and there is again, something that even 3 cups of coffee hasn't been able to figure out. curl -I -A "Nessus" http://www.ihaterabbits.com/ Returns "HTTP 200" curl -I -A "Nessus" http://www.ihaterabbits.com/foobar Returns "HTTP 443" The reverse-proxy logs: access_log "HEAD / HTTP/1.1" 200 - "-" "Nessus" "HEAD /foobar/ HTTP/1.1" 403 - "-" "Nessus" error_log "ModSecurity: Access denied with code 403 bad_robots "ModSecurity: Access denied with code 403 bad_robots The web host logs: "GET /error/noindex.html HTTP/1.1" 200 3839 [second curl there is no request sent to the web host] -- Why is there a request sent to the web host on the first curl when there is a deny from mod_sec? I tried removing the -Indexes for Options and that didn't change anything. It looks like it's proxying the error and not the request? vhost is as follows: <VirtualHost *:80> ProxyVia On <IfModule mod_security2.c> SecRuleEngine On </IfModule> ProxyPreserveHost On ServerName ihaterabbits.com ProxyPass / http://nameofloadbalancer/ retry=0 ProxyPassReverse / http://nameofloadbalancer/ </VirtualHost>
--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
