Bad Request Your browser sent a request that this server could not understand.

vishnukumar · 08-11-2009, 06:54 AM

Hi,

I got bad request (HTTP 400). I can't solve this problem. Only this request gets bad. In the server, the request should be processed and the process contains execution of unix command like javac, java. I have the same project in port 8081, but the request didn’t get as bad request. Only for the port 80 gets wrong.

Below is the response I got for the request.

Quote:

Bad Request

Your browser sent a request that this server could not understand.
Apache/2.2.0 (Fedora) Server at www.xxxxxx.xxx Port 80

Below, I have displayed some useful file content for solution

etc/hosts

Quote:

127.0.0.1 ip-xx-xx-xxx-xxx.ip.secureserver.net ip-xx-xx-xxx-xxx localhost.secureserver.net localhost.localdomain localhost

mod_security

Quote:

# Example configuration file for the mod_security Apache module

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

<IfModule mod_security2.c>
# This is the ModSecurity Core Rules Set.

# Basic configuration goes in here
Include modsecurity.d/modsecurity_crs_10_config.conf

# Protocol violation and anomalies.

Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf
Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf

# HTTP policy rules

Include modsecurity.d/modsecurity_crs_30_http_policy.conf

# Here comes the Bad Stuff...

Include modsecurity.d/modsecurity_crs_35_bad_robots.conf
Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf
Include modsecurity.d/modsecurity_crs_45_trojans.conf
Include modsecurity.d/modsecurity_crs_50_outbound.conf

# Search engines and other crawlers. Only useful if you want to track
# Google / Yahoo et. al.

# Include modsecurity.d/modsecurity_crs_55_marketing.conf

# Put your local rules in here.

Include modsecurity.d/modsecurity_localrules.conf
</IfModule>

Please, help me to solve this problem.

Thanks

acid_kewpie · 08-12-2009, 06:59 AM

it'd help if you showed us what the request actually was...

vishnukumar · 08-13-2009, 12:56 AM

Hi acid_kewpie,

The request to the server has a content of textarea. Sorry, I am not good at english. But, I have fixed the issue. When I look on error_log, I found

[Wed Aug 12 05:24:07 2009] [error] [client xx.xx.xx.xx] ModSecurity: Access denied with code 400 (phase 2). Pattern match "%0[ad]" at REQUEST_URI. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "211"] [id "950910"] [msg "HTTP Response Splitting Attack"] [data "%0d"] [severity "ALERT"] [hostname "www.xxxxx.xxx"] [uri "/compileandexecute"] [unique_id "5USyWmFKdhQAACEzt7MAAAAS"]

Then, from the above error statement, the line 211 with id 950910 in modsecurity_crs_40_generic_attacks.conf and commented the line. After restarting httpd, I didn't get "bad request (http 400)". But, I don't know, this is the correct solution to fix the issue.

Thank you