Skip to content

Fix duplicate HTTP protocol version string#21

Closed
victorhora wants to merge 1 commit into
owasp-modsecurity:masterfrom
victorhora:dev/fix_proto_string
Closed

Fix duplicate HTTP protocol version string#21
victorhora wants to merge 1 commit into
owasp-modsecurity:masterfrom
victorhora:dev/fix_proto_string

Conversation

@victorhora

Copy link
Copy Markdown
Collaborator

Proposed patch to fix an issue on the REQUEST_PROTOCOL variable and log data:

---3pK3I6qx---A--

[05/Nov/2017:03:31:20 -0600] 15098742801.705792 192.168.37.1 56350 localhost.localdomain 0
---3pK3I6qx---B--
POST /index.html?a=b HTTP/HTTP/1.1
Connection: Keep-Alive
Content-Length: 6
Content-Type: application/x-www-form-urlencoded
Host: localhost
User-Agent: UA

---3pK3I6qx---C--
b=boom

---3pK3I6qx---D--

---3pK3I6qx---F--
HTTP/HTTP/1.1 403
Last-Modified: Thu, 02 Nov 2017 02:12:06 GMT
ETag: "5-55cf683d0502d"
Accept-Ranges: bytes
Content-Length: 5

msc_process_uri() appends the string "HTTP/" to http_version probably because the Nginx connector doesn't.

The problem happens due the fact that in Apache, the request_rec:::protocol data field returns the protocol string in the form of "HTTP/1.1".

@csanders-git

Copy link
Copy Markdown

not sure it's the most elegant fix, but it worked for me.

@zimmerle

zimmerle commented Mar 22, 2018

Copy link
Copy Markdown
Contributor

Merged. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants