From the log I am getting this error:

ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"]

But when I check in Network > XHR tab the header is present:

User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

I use standard AngularJS:

const ajax = function(data, url, completeFn, errorFn){
  $http({
    method: 'POST',
    url: url,
    data: data,
    headers: {
      'Accept': "application/json",
      'Content-Type': "application/json"
    }
  })
  .then(completeFn, errorFn);
};

Later called by

this.select_all = function(callback){
  ajax({action: 'select_all'}, url,
    function(response){
      self.allFolders = response.data;
      if(callback){ callback(response); }
    },
    defError
  );
};

I am using this mod_rewrite rule:

<IfModule mod_rewrite.c>
  RewriteEngine On
  Options FollowSymLinks
  RewriteBase /
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ /webpage/#/$1 [L]
</IfModule> 

When I completely disable mod_security, everything works as it should. But I am not sure I want to do that. I googled for 2 hours and couldn't find anything about a similar issue. I must be doing something wrong. How should this be done?

  • Is the header in the audit log? Can you also give the rule config? It seems to be checking for any request header based on the log extract you have given. – Barry Pollard Jan 16 '17 at 17:07
  • I have only the HTTP access log, from which I posted the error, and there is no header there. I am not sure if they are supposed to be visible there. I have very limited access to server settings, just a few options. The error looks, as mentioned, as if there is no header at all... meanwhile in Chrome I can see all headers in the request. I think all I can do is write something to the .htaccess file without knowing the current settings. – romanmoravcik Jan 16 '17 at 17:51
  • Going to be really difficult to debug without that. Suggest you ask for help from someone with that access. I honestly doubt the above error message is to do with your request btw - suspect your request is being blocked by another rule unrelated to the missing UA rule. – Barry Pollard Jan 16 '17 at 18:00
  • Yes, it seems like that. Because I wasn't able to find any mention of a similar issue to this one on the internet. I must be searching for the problem in the wrong place. Thanks for your reply :) – romanmoravcik Jan 16 '17 at 21:06
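
Following up on the audit-log question in the comments, an added example (not part of the original thread): a small Python parser for one entry of a ModSecurity serial audit log that reports the request line and User-Agent the server actually recorded in section B, next to the rule messages in section H. The log entry, its path, addresses and IDs are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed ModSecurity serial audit-log entry (not from the asker's server).
SAMPLE = """\
--5a70c866-A--
[16/Jan/2017:17:07:00 +0000] CONSTRUCTED-ID 203.0.113.10 51234 198.51.100.5 80
--5a70c866-B--
POST /constructed/path HTTP/1.1
Host: example.test
Accept: application/json
Content-Type: application/json
Content-Length: 23

--5a70c866-H--
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [msg "Request Missing a User Agent Header"] [severity "NOTICE"]
--5a70c866-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")

def split_sections(entry):
    """Map section letter -> list of lines for one audit-log entry."""
    sections, current = {}, None
    for line in entry.splitlines():
        m = BOUNDARY.match(line)
        if m:
            current = sections.setdefault(m.group(2), [])
        elif current is not None:
            current.append(line)
    return sections

def request_headers(sections):
    """Parse section B (request line + headers) into a lowercase-keyed dict."""
    headers = {}
    for line in sections.get("B", [])[1:]:  # skip the request line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def triage(entry):
    """Return (request line, User-Agent seen by the server or None, rule msgs)."""
    sections = split_sections(entry)
    b = sections.get("B", [])
    msgs = [m for line in sections.get("H", []) if line.startswith("Message:")
            for m in re.findall(r'\[msg "([^"]*)"\]', line)]
    return (b[0] if b else None, request_headers(sections).get("user-agent"), msgs)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Comparing the request line and headers from section B with what the browser's Network tab shows tells you whether the logged denial belongs to the XHR call or to a different request.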

0 Answers