Forum

help

help me understand the log below 
doubt is if my application is running owasp (blocking) malicious actions as the result of the log below:

clientdomain.com.br66.150.14.187960015[27/Jan/2014:15:22:45 --0200] 
Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]

You need to be a member of OWASP to add comments!

Join OWASP

Email me when people reply –

Replies

  • I'm no expert on ModSecurity, but it looks like you're getting error messages due to requests for a page that does not exist on your site.

    The OWASP Austin Study Group has been going through "The Web Application Defender's Cookbook" written by Ryan Barnett and it is an excellent resource to help you to understand ModSecurity.  It talks about how it works and offers recipes on how to create rules to help secure your web applications.  I'd recommend getting that and starting from there.

    ~josh

This reply was deleted.