SecFilterSelective HTTP_X_MOZ "prefetch" <-- broken!

Discussion in 'Bug Reports' started by phallstrom, Sep 28, 2007.

  1. phallstrom

    phallstrom Active Member

    Hi -

    I am trying to block google's web accelerator. I have the following request filter setup:

    Action: log,deny,status:403,msg:'GWA Prefetch'
    Rule: SecFilterSelective HTTP_X_MOZ "prefetch"

    I then test it using curl:

    curl --header "X-Moz: prefetch" -v -I

    It returns a valid 200 response. If I change the rule to:

    SecFilterSelective HTTP_USER_AGENT "curl"

    Then it mostly works. It doesn't return a 403, but does return a 404.

    This is occurring on standard edition, linux x86, version 3.2.2.

    I've also tried the "REQUEST_HEADERS:X-Moz" which resulted in an error in the log files saying it was an unknown variable and couldn't be parsed.

    Can you tell me if this is a known bug, if there's a work around and how we can get it to return a 403 instead of 404?
  2. mistwang

    mistwang LiteSpeed Staff

    X-Moz is a custom header, not being recoginzed by the security engine now. You can let the engine to scan the whole request header for the signature.
    Last edited: Sep 28, 2007
  3. phallstrom

    phallstrom Active Member

    Ok. Thanks. It would be great if the security engine recognized every header, but maybe there are reasons it can't do that.
  4. phallstrom

    phallstrom Active Member

    can you tell me why it's returning a 404 instead of a 403? If I get it working by scanning all the headers will it work correctly? it didn't when i tested against the user agent.

Share This Page