Senarai Waktu

If you are using Firefox Indonesian version and getting HTTP error 501 Not Implemented on some websites, here is an info.

The culprit lies on the modsecurity installation on Apache webserver. The rules are:

• For modsecurity 2.5.10 (tested), using Core ModSecurity Rule Set ver.2.0.3: Rule id 958885 on modsecurity_crs_40_generic_attacks.conf around line 253 (254?)
• For modsecurity 2.1.7 (tested) using Core ModSecurity Rule Set ver.1.5.1: Rule id 950006 on modsecurity_crs_40_generic_attacks.conf around line 105-108

Workarounds:

• For modsecurity 2.5.10, workaround is to disable rule id 958885 in file modsecurity_crs_40_generic_attacks.conf
• For modsecurity 2.1.7 with core rules ver 1.5.1, workaround is to remove string “|id” (yes, remove that pipe character also) on the regular expression of rule 950006 in file modsecurity_crs_40_generic_attacks.conf

Tested using:

• Web browser:
  • Firefox 3.6 (Localized version: Indonesia, nightly build) using following User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; id; rv:1.9.2b5pre) Gecko/20091126 Namoroka/3.6b5pre
  • Firefox 3.6 (Localized version: Indonesia) on other platforms (win32 and linux)
  • Released versions: Firefox 3.5, Firefox 3.0 (Localized version: Indonesia)
  • wget -U “Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; id)”.
• Webserver:
  • CentOS 5.4 on VirtualBox, using compiled Apache (2.2.14) and compiled Modsecurity (2.1.7)
  • Fedora 10 on VirtualBox, using Apache RPM (2.2.11-2.fc10) and Modsecurity RPM (2.5.10-2.fc10)

I’ve reported the bug to modsecurity.org: https://www.modsecurity.org/tracker/browse/CORERULES-26 (you will need a login to view)

Update: tajidyakub has dicussed this this thread a year ago.

Update 2: Fix the rule id in the workaround

Update 3: Added the pipe character too, thanks to gregorius.