[Owasp-modsecurity-core-rule-set] [JIRA] Resolved: (CORERULES-26) HTTP error code 501 are returned for localized Indonesian version of Firefox
Ryan Barnett
Ryan.Barnett at breach.com
Wed Feb 24 09:21:55 EST 2010
[ https://www.modsecurity.org/tracker/browse/CORERULES-26?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Barnett resolved CORERULES-26.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.0
Fixed in CRS v2.0.6. Due to the low attack frequency and high false positive rate, I removed REQUEST_HEADERS:User-Agent from inspection for these OS commanding rules.
> HTTP error code 501 are returned for localized Indonesian version of Firefox
> ----------------------------------------------------------------------------
>
> Key: CORERULES-26
> URL: https://www.modsecurity.org/tracker/browse/CORERULES-26
> Project: Core Rules
> Issue Type: Bug
> Security Level: New
> Components: False positive
> Environment: Web Servers:
> 1. CentOS 5.4 on VirtualBox, using compiled Apache (2.2.14) and compiled Modsecurity (2.1.7)
> 2. Fedora 10 on VirtualBox, using Apache RPM (2.2.11-2.fc10) and Modsecurity RPM (2.5.10-2.fc10)
> Web Browser:
> Firefox Localized Indonesian version, User-Agents:
> "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; id; rv:1.9.2b5pre) Gecko/20091126 Namoroka/3.6b5pre"
> Reporter: Romi Hardiyanto
> Assignee: Ryan Barnett
> Fix For: 2.0
>
>
> At least two localized Firefox are suffering from modsecurity_crs_40_generic_attacks.conf.
> Please see following newsgroup discussions:
> http://groups.google.com/group/mozilla.dev.l10n/browse_thread/thread/a165f75e2947d5ee
> I'm testing using
> - Firefox 3.6 (Localized version: Indonesia, nightly build) using following User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; id; rv:1.9.2b5pre) Gecko/20091126 Namoroka/3.6b5pre
> - Firefox 3.6 (Localized version: Indonesia) on other platforms (win32 and linux)
> - Released versions: Firefox 3.5, Firefox 3.0 (Localized version: Indonesia)
> - wget -U "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; id)".
> Webserver systems tested are:
> 1. CentOS 5.4 on VirtualBox, using compiled Apache (2.2.14) and compiled Modsecurity (2.1.7)
> 2. Fedora 10 on VirtualBox, using Apache RPM (2.2.11-2.fc10) and Modsecurity RPM (2.5.10-2.fc10)
> For both systems, browsing with the mentioned web browser, HTTP error code 501 is returned. Using the English/French/German version of Firefox doesn't result in this HTTP error.
> For system #1 (modsecurity 2.1.7):
> Rule id:950006 (line 105-108 in modsecurity_crs_40_generic_attacks.conf) is causing the problem.
> For system #2 (modsecurity 2.5.10):
> Rule id:958885 (line 254 in modsecurity_crs_40_generic_attacks.conf) is causing the problem. Romansh (locale code: rm) also suffers from the similar rule id:958894, and I suspect future localized Firefox with locale code "ps" will also suffer with rule id:958886.
> Workaround for 2.5.10 is to disable the rule in the configuration, workaround for modsecurity 2.17 is removing the string "id" in the regular expression.
> More info for Firefox/Mozilla locale codes that currently ships is here:
> - http://l10n.mozilla.org/dashboard/?tree=fx36x
> - http://l10n.mozilla.org/dashboard/?tree=fx35x
> - http://l10n.mozilla.org/dashboard/?tree=fennec10x
> And guidelines for Mozilla locale codes are on: https://wiki.mozilla.org/L10n:Simple_locale_names
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
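
The false positive reported above, reproduced as an added example that is not part of the original message or of the CRS: a false-positive regression check that runs a command-keyword pattern over Firefox User-Agent strings built from the locale codes named in the report, with and without the User-Agent header as an inspected target. The pattern is a constructed, simplified stand-in for the OS commanding rules (the real CRS regex is not reproduced here), and the request dictionary layout is an assumption.

```python
import re

# Constructed stand-in for an OS-command keyword rule; NOT the actual CRS regex.
COMMAND_WORDS = ("id", "rm", "ps")
CMD_RE = re.compile(
    r"(?:^|[\s;|&`])(" + "|".join(COMMAND_WORDS) + r")(?=$|[\s;|&`])"
)

# User-Agent from the report, with the locale token made a parameter.
UA_TEMPLATE = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; {locale}; "
               "rv:1.9.2b5pre) Gecko/20091126 Namoroka/3.6b5pre")

UA = "REQUEST_HEADERS:User-Agent"
BEFORE = [UA, "ARGS"]   # header inspected, as when the issue was filed
AFTER = ["ARGS"]        # header removed from inspection, as in the resolution

# Locale codes mentioned in the report, plus three that did not trigger.
LOCALES = ["en-US", "fr", "de", "id", "rm", "ps"]


def inspect(request, targets):
    """Return (target, matched keyword) for every inspected target that hits."""
    hits = []
    for target in targets:
        match = CMD_RE.search(request.get(target, ""))
        if match:
            hits.append((target, match.group(1)))
    return hits


def colliding_locales(locales, targets):
    """Locale codes whose otherwise benign request would be blocked."""
    blocked = []
    for locale in locales:
        request = {UA: UA_TEMPLATE.format(locale=locale), "ARGS": "page=1"}
        if inspect(request, targets):
            blocked.append(locale)
    return blocked


if __name__ == "__main__":
    print("blocked with User-Agent inspected:", colliding_locales(LOCALES, BEFORE))
    print("blocked after the change:", colliding_locales(LOCALES, AFTER))
    # Constructed parameter value: the keyword is still caught in ARGS.
    probe = {UA: UA_TEMPLATE.format(locale="en-US"), "ARGS": "host=localhost; id"}
    print("parameter hit after the change:", inspect(probe, AFTER))
```

Running a check like this against the full list of shipped locale codes before a rule release shows which two-letter keywords collide with browser locale tokens.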