Support

phallstrom · #1 09-28-2007, 10:42 AM

Hi -

I am trying to block google's web accelerator. I have the following request filter setup:

Action: log,deny,status:403,msg:'GWA Prefetch'
Rule: SecFilterSelective HTTP_X_MOZ "prefetch"

I then test it using curl:

curl --header "X-Moz: prefetch" -v -I http://example.com

It returns a valid 200 response. If I change the rule to:

SecFilterSelective HTTP_USER_AGENT "curl"

Then it mostly works. It doesn't return a 403, but does return a 404.

This is occurring on standard edition, linux x86, version 3.2.2.

I've also tried the "REQUEST_HEADERS:X-Moz" which resulted in an error in the log files saying it was an unknown variable and couldn't be parsed.

Can you tell me if this is a known bug, if there's a work around and how we can get it to return a 403 instead of 404?

mistwang · #2 09-28-2007, 12:10 PM

X-Moz is a custom header, not being recoginzed by the security engine now. You can let the engine to scan the whole request header for the signature.

phallstrom · #3 09-28-2007, 12:26 PM

Ok. Thanks. It would be great if the security engine recognized every header, but maybe there are reasons it can't do that.

phallstrom · #4 09-28-2007, 01:03 PM

can you tell me why it's returning a 404 instead of a 403? If I get it working by scanning all the headers will it work correctly? it didn't when i tested against the user agent.