Apache 2.2 running as a reverse-proxy with another Apache 2.2 host and then
a DB on the end. This is an AWS setup so the design is basically;
load-balancer, pair of reverse proxies, pair of web hosts, database on the
backend.
I'm using a basic user-agent test to ensure at least basic function of
mod_sec and there is again, something that even 3 cups of coffee hasn't
been able to figure out.
curl -I -A "Nessus"
http://www.ihaterabbits.com/
Returns "HTTP 200"
curl -I -A "Nessus"
http://www.ihaterabbits.com/foobar
Returns "HTTP 443"
The reverse-proxy logs:
access_log
"HEAD / HTTP/1.1" 200 - "-" "Nessus"
"HEAD /foobar/ HTTP/1.1" 403 - "-" "Nessus"
error_log
"ModSecurity: Access denied with code 403 bad_robots
"ModSecurity: Access denied with code 403 bad_robots
The web host logs:
"GET /error/noindex.html HTTP/1.1" 200 3839
[second curl there is no request sent to the web host]
-- Why is there a request sent to the web host on the first curl when there
is a deny from mod_sec? I tried removing the -Indexes for Options and that
didn't change anything. It looks like it's proxying the error and not the
request?
vhost is as follows:
<VirtualHost *:80>
ProxyVia On
<IfModule mod_security2.c>
SecRuleEngine On
</IfModule>
ProxyPreserveHost On
ServerName ihaterabbits.com
ProxyPass /
http://nameofloadbalancer/ retry=0
ProxyPassReverse /
http://nameofloadbalancer/
</VirtualHost>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)