[Owasp-modsecurity-core-rule-set] Range: field exists and begins with 0 - what does it mean?

Dimitri Syuoul dsyuoul at gmail.com
Tue Jan 12 17:43:40 EST 2010


Hello,

Ive noticed that Ive gotten some triggers over rule ID 958291... I
tried googling for an explanation of this rule but I could not find
it. Anybody knwo what importance does this field exists and begins
with 0 is?

crs-2.0.4/base_rules/modsecurity_crs_20_protocol_violations.conf:SecRule
REQUEST_HEADERS:Range "@contains =0-"
"phase:2,t:none,block,nolog,auditlog,msg:'Range: field exists and
begins with 0.',severity:'5',id:'958291',tag:'PROTOCOL_VIOLATION/INVALID_HREQ',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+5,setvar:tx.protocol_violation_score=+1,setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_HREQ-%{matched_var_name}=%{matched_var}"
crs-2.0.4/CHANGELOG:- Rule 958291 - Range: field exists and begins with 0.


Thanks

Dimitri


More information about the Owasp-modsecurity-core-rule-set mailing list