Hi, I'm deploying a weblocks application in a production environment, composed of a cluster of Apache processes running on several nodes. Apache is configured as a reverse proxy (via mod-proxy), delegating the non-static requests to one of the multiple hunchentoot processes (each running in every node).
At first, I had problems with this configuration, since Apache processes couldn't communicate with hunchentoot listening on 127.0.0.1. The reason is that the clustering is handled by Linux Virtual Server [1], and it requires all involved processes to listen on external network interfaces. Besides that, the Apache cluster is not dedicated to this application, and it's protected via mod-security. After some tests, I verify the application is malfunctioning (i.e. the login appears, but after that the page remains unchanged). Reviewing the logs, I notice this entry: 20090820-13-CCC.error.log:[Thu Aug 20 15:52:35 2009] [error] [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (^application/x-www-form-urlencoded$|^multipart/form-data;)" against "REQUEST_HEADERS:Content-Type" required. [hostname "myhostname"] [uri "/myapp?&action=1720%3A7788E2EBCFA734D1789C8E3F28E7AC99"] [unique_id "EGR7IgosgrYAAG2jNP4AAAAb"] So mod-security intercepts the request and redirects to the 403 error page, as a result of a false positive [2]. I'll take a closer look at the offending rule and post my conclusions. I'm wondering if there's some previous research already done on this topic (i.e. which mod-security rules are incompatible with weblocks). Kind regards, Jose. [1] http://www.linuxvirtualserver.org/ [2] http://blog.modsecurity.org/2007/02/handling-false.html --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "weblocks" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/weblocks?hl=en -~----------~----~----~----~------~----~------~--~---
