Using OWASP 953-DATA-LEAKAGES-PHP Rule cause errors #83
Comments
beeriz
changed the title
|
See #41 . Do you have pagespeed enabled? |
|
Nope, just Nginx and https://github.com/mariusv/nginx-badbot-blocker, I tried disabling it of course and cleaning the website configuration, but I just have to disable the includes for OWASP Core Rules to fix it |
|
This is the rule responsible for the error, This is what's included in the configuration : I just have to disable RESPONSE-953-DATA-LEAKAGES-PHP so that everything works. I really appreciate any feedback on this. |
beeriz
changed the title
|
The error happens because at phase 4 is too late to change the response http code, as it is already received by the client. The only possibility is to hold the content till the inspection is done, which may imply in a significant performance drop. Closing this in favor of #41 |
After installing ModSecurity with the nginx connector (no issue during the install), when I try to do a search on website or visite a category i'm getting the error : header already sent while sending response to client, client:
Exemple of the errors:
2017/12/20 01:08:50 [alert] 15793#15793: *26 header already sent while sending response to client, client: 172.69.54.19, server: www.bnin.org, request: "GET /?category&cuisine&cooking_method&sort&content-search HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock", host: "bnin.org", referrer: "https://bnin.org/?category&cuisine&cooking_method&sort&content-search"Any idea what's causing this?
I'm runnign latest nginx version : nginx/1.13.7
I used : ModSecurity v3/master --single-branch
With : OWASP Core Rule 3
Your help is much needed and appreciated, thank you !
The text was updated successfully, but these errors were encountered: