Mod Security latest OWASP rules

LawsHosting

Ever since updating the OWASP rules, I've been seeing a lot of rule 920171 hits, but spontaneously:
Code:
"Access denied with code 406 (phase 1). Match of \"eq 0\" against \"&REQUEST_HEADERS:Transfer-Encoding\" required. [file \"/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"217\"] [id \"920171\"] [msg \"GET or HEAD Request with Transfer-Encoding\"] [data \"1\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/4.24.1\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"] [tag \"OWASP_CRS/PROTOCOL-ENFORCEMENT\"] [tag \"capec/1000/210/272\"]"
Not sure why it would.... Has anyone seen this too?

Of course, I've now whitelisted the rule. I'm just curious.

Added: I proxy through Cloudflare.
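
An added example, not part of the original post: a small Python parser for the ModSecurity message format in the log line above, for tallying which rule ids are firing before a rule is whitelisted. The sample line is the one from the post with its tag list abridged, and the function names are illustrative.

```python
import re
from collections import Counter

# Log line from the post above, tag list abridged; quotes are backslash-escaped as posted.
SAMPLE = (
    r'"Access denied with code 406 (phase 1). Match of \"eq 0\" against '
    r'\"&REQUEST_HEADERS:Transfer-Encoding\" required. '
    r'[file \"/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] '
    r'[line \"217\"] [id \"920171\"] [msg \"GET or HEAD Request with Transfer-Encoding\"] '
    r'[data \"1\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/4.24.1\"] '
    r'[tag \"attack-protocol\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"]"'
)

HEAD = re.compile(r'Access denied with code (\d+) \(phase (\d)\)')
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')   # [key "value"] pairs

def parse_hit(line):
    """Turn one ModSecurity denial message into a dict of its fields."""
    # Undo one level of quoting so both \"value\" and "value" forms parse.
    # Assumption: field values themselves contain no embedded quotes.
    text = line.strip().strip('"').replace('\\"', '"')
    hit = {"tags": []}
    m = HEAD.search(text)
    if m:
        hit["status"], hit["phase"] = int(m.group(1)), int(m.group(2))
    for key, value in FIELD.findall(text):
        if key == "tag":
            hit["tags"].append(value)   # tag repeats, so collect all of them
        else:
            hit[key] = value
    return hit

def paranoia_level(hit):
    """Return the CRS paranoia level carried in the tags, or None."""
    for tag in hit["tags"]:
        if tag.startswith("paranoia-level/"):
            return int(tag.split("/", 1)[1])
    return None

def summarise(lines):
    """Count denials per (rule id, msg) so a noisy rule stands out."""
    counts = Counter()
    for line in lines:
        hit = parse_hit(line)
        if "id" in hit:                 # skip lines that are not rule hits
            counts[(hit["id"], hit.get("msg", ""))] += 1
    return counts

if __name__ == "__main__":
    print(parse_hit(SAMPLE))
```
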