Hi there,
Would anyone know why some visitors on our server are being blocked by the below mod_security rule when simply right-clicking a file (.doc, .gif, .pdf, etc.) on a site to download it? They seem to be all Windows/IE users.
Anything we can do short of commenting out the rule itself?
Thanks for any ideas.
# allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
"phase:1,log,auditlog,msg:'Method is not allowed by policy',
severity:'2',id:'960032'"
I found this similar issue but with no resolution: http://stackoverflow.com/questions/1716513/ie-sending-options-request-for-file-downloads
Thanks for any ideas.
Edit: I think we found the culprit. Here's an item from the log of the person who was blocked:
- [10/Sep/2010:19:32:39 -0400] "PROPFIND
/dd_sitefiles/documents/logos/POC_logo_NationalE.gif HTTP/1.1" 406
5636 "-" "Microsoft-WebDAV-MiniRedir/6.1.7600"
Since PROPFIND is not included in our request methods, it's generating the 406 error. So the follow-up question would be - should we just add that to the rule? What are the security implications? Is there something we can add to prevent issues around "DavDepthInfinity" as described here, or is this a lot of worry for little potential risk? http://httpd.apache.org/docs/2.0/mod/mod_dav.html#davdepthinfinity