Hello,
On one of my servers I'am using mod_security with the standard rules.
It blocks w3c validation service:
http://validator.w3.org/
In the logs I get:
Quote:
[Thu Aug 02 11:59:11 2012] [error] [client 128.30.52.70] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/modsec/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "46"] [id "960015"] [rev "2.1.1"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.myhost-here.com"] [uri "/cam-2012/"] [unique_id "UBpBX38AAQEAAGVrAWAAAAAA"]
|
In modsecurity_crs_10_config.conf before the inclusion of the modsecurity_crs_21_protocol_anomalies.conf I tried the following rule with no success: SecRule HTTP_User-Agent "W3C-checklink" allow,ctl:ruleEngine=Off
How can I allow w3c validator?
Thanks