04 February, 2010

Bad Request

Since this afternoon I have been struggling to solve a web server problem. Hm.... it was fairly complicated. Alhamdulillah, it has now been resolved.
OK, here is the problem and how it was solved:

Server specification:

Operating system | Redhat Linux Fedora 8
Kernel and CPU | Linux 2.6.21-2950.fc8xen on i686
Processor information | Intel(R) Pentium(R) 4 CPU 3.20GHz, 2 cores
Real memory | 932.74 MB total, 105.91 MB used
Virtual memory | 2 GB total, 0 bytes used
Local disk space | 42.57 GB total, 4.73 GB used



The client computer showed the page in the capture above. After tracing the problem on the server, the following log was found:

[Thu Feb 04 17:39:51 2010] [notice] ModSecurity for Apache 2.1.3 configured - Apache/2.2.6 (Fedora)
[Thu Feb 04 17:39:51 2010] [notice] Digest: generating secret for digest authentication ...
[Thu Feb 04 17:39:51 2010] [notice] Digest: done
[Thu Feb 04 17:39:52 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Thu Feb 04 17:39:52 2010] [notice] mod_python: using mutex_directory /tmp
[Thu Feb 04 17:39:52 2010] [notice] Apache/2.2.6 (Unix) DAV/2 mod_auth_kerb/5.3 mod_auth_pgsql/2.0.3 mod_ssl/2.2.6 OpenSSL/0.9.8b Apache/2.2.0 (Fedora) PHP/5.2.6 mod_python/3.3.1 Python/2.5.1 mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Thu Feb 04 17:39:54 2010] [error] [client 172.16.122.19] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "172.16.122.222"] [uri "/"] [unique_id "9JrnV38AAAEAABOPPogAAAAA"]
[Thu Feb 04 17:39:55 2010] [error] [client 172.16.122.19] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "172.16.122.222"] [uri "/"] [unique_id "9KplBn8AAAEAABOQQFAAAAAB"]


So, there was nothing left to do but report to uncle Google. In the end I found someone with the same problem at http://www.linuxquestions.org/. So, I followed their discussion, and the solution turned out to be at the end of the thread.... :)

Here is the solution:

Open the file /etc/httpd/modsecurity.d/blocking/modsecurity_crs_21_protocol_anomalies.conf and the file /etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf, then find the directive SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',,id:'960017'," and comment it out by putting a hash sign (#) in front of it.

[root@localhost ~]# vi /etc/httpd/modsecurity.d/blocking/modsecurity_crs_21_protocol_anomalies.conf
--------------------

#SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',,id:'960017',"

------------

[root@localhost ~]# vi /etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf

--------------------

#SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',,id:'960017',"

------------

Restart httpd:

[root@localhost ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

Now, looking at the log:

[root@localhost /]# tail -F /var/log/httpd/error_log

[Thu Feb 04 17:41:34 2010] [notice] caught SIGTERM, shutting down
[Thu Feb 04 17:41:35 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Feb 04 17:41:36 2010] [notice] ModSecurity for Apache 2.1.3 configured - Apache/2.2.6 (Fedora)
[Thu Feb 04 17:41:36 2010] [notice] Digest: generating secret for digest authentication ...
[Thu Feb 04 17:41:36 2010] [notice] Digest: done
[Thu Feb 04 17:41:37 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Thu Feb 04 17:41:37 2010] [notice] mod_python: using mutex_directory /tmp
[Thu Feb 04 17:41:37 2010] [notice] Apache/2.2.6 (Unix) DAV/2 mod_auth_kerb/5.3 mod_auth_pgsql/2.0.3 mod_ssl/2.2.6 OpenSSL/0.9.8b Apache/2.2.0 (Fedora) PHP/5.2.6 mod_python/3.3.1 Python/2.5.1 mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations


Back to normal again.
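
To see which rule and which Host value are behind the 400 responses, and to confirm after the restart that no denials remain, the ModSecurity lines in error_log can be tallied by rule id. This is an added example, not part of the original post; the log lines are constructed in the format shown above, and the function names and the host www.example.test are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the error_log format shown on this page (unique_id values are made up).
SAMPLE_LOG = r'''[Thu Feb 04 17:39:52 2010] [notice] mod_python: using mutex_directory /tmp
[Thu Feb 04 17:39:54 2010] [error] [client 172.16.122.19] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "172.16.122.222"] [uri "/"] [unique_id "CONSTRUCTED-0001"]
[Thu Feb 04 17:39:55 2010] [error] [client 172.16.122.19] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "172.16.122.222"] [uri "/"] [unique_id "CONSTRUCTED-0002"]
[Thu Feb 04 17:40:02 2010] [error] [client 172.16.122.20] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "172.16.122.222"] [uri "/index.php"] [unique_id "CONSTRUCTED-0003"]
'''

# Start of a ModSecurity denial line, and the trailing [key "value"] metadata fields.
DENIED = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: Access denied with code (?P<status>\d+)')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# Pattern of rule 960017 as written in the .conf file (the log prints it with extra escaping).
HOST_RULE = re.compile(r'^[\d\.]+$')

def parse_denials(text):
    """Return one dict per 'Access denied' line: client, status, id, msg, hostname, uri, ..."""
    events = []
    for line in text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # notices and unrelated errors are skipped
        event = {"client": m.group("client"), "status": int(m.group("status"))}
        event.update(FIELD.findall(line))  # pairs such as ("id", "960017")
        events.append(event)
    return events

def summarize(events):
    """Count denials per (rule id, message, Host value, client)."""
    return Counter((e.get("id"), e.get("msg"), e.get("hostname"), e["client"]) for e in events)

def host_triggers_rule(host):
    """True when a Host header value matches the pattern of rule 960017."""
    return bool(HOST_RULE.search(host))

if __name__ == "__main__":
    for (rule_id, msg, host, client), n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"{n}x rule {rule_id} ({msg}) Host={host} client={client}")
    for host in ("172.16.122.222", "172.16.122.222:8080", "www.example.test"):
        print(host, "->", "matches" if host_triggers_rule(host) else "no match")
```

Only a Host value made up purely of digits and dots matches the pattern, so a request that reaches the same server by name does not trigger rule 960017.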


Now try opening the web browser; the page displays fine again:






Thanks to Allah swt.
