I run my own web server, but after I installed mod_security I was unable to get cross-site linking to work; I always had an error! So if I tried to post a link on Facebook from my web site (captnslounge.com), I would get the following message:
--fc57c024-H--
Message: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-524287"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 66.220.146.146] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-524287"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "captnslounge.com"] [uri "/"] [unique_id "W1Y2bxL8tTAdwBlt-JQ6hAAAAAc"]
Action: Intercepted (phase 2)
Stopwatch: 1532376687885654 5705 (- - -)
Stopwatch2: 1532376687885654 5705; combined=521, p1=396, p2=43, p3=0, p4=0, p5=82, sr=128, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
Server: Apache/2.4.6
Engine-Mode: "ENABLED"
I've struggled with this for months. I started turning off rules, but that looked like it was turning into a dangerous idea! I've hunted for a "fix" to no avail.
If anyone could point me in the right direction I would be very grateful.
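
Added example (not part of the original post): a small Python parser for the `Message:` lines of the audit log above. It groups hits by rule id, matched variable and logged data, so a suspected false positive can be reviewed one rule at a time. The function names and the second sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# First entry is abridged from the Message: line in the post; the second is constructed.
SAMPLE = [
    'Message: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. '
    '[file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_20_protocol_violations.conf"] '
    '[line "428"] [id "958291"] [msg "Range: field exists and begins with 0."] '
    '[data "bytes=0-524287"] [severity "WARNING"]',
    'Message: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. '
    '[id "958291"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1023"] [severity "WARNING"]',
]

# [key "value"] metadata pairs; the value may contain backslash-escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# The variable the rule matched on, e.g. REQUEST_HEADERS:Range
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s.]+)?)\.')

def parse_message(line):
    """Return the bracketed metadata of one Message: line plus the matched variable."""
    fields = dict(FIELD.findall(line))
    m = TARGET.search(line)
    fields["target"] = m.group(1) if m else ""
    return fields

def summarize(lines):
    """Group rule hits by rule id: hit count, message, matched variables, logged data."""
    rules = defaultdict(lambda: {"count": 0, "msg": "", "targets": set(), "data": set()})
    for line in lines:
        f = parse_message(line)
        if "id" not in f:
            continue  # not a rule hit (Stopwatch:, Producer:, ...)
        r = rules[f["id"]]
        r["count"] += 1
        r["msg"] = f.get("msg", "")
        r["targets"].add(f["target"])
        r["data"].add(f.get("data", ""))
    return dict(rules)

if __name__ == "__main__":
    for rule_id, r in summarize(SAMPLE).items():
        print(rule_id, r["count"], r["msg"], sorted(r["targets"]), sorted(r["data"]))
```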