OWASP 958295, can anyone explain ?
Does anyone know what this Owasp rule is.
I'm seeing a number of these originating from the UK.
Considering that my customer base is 99% UK based, i'm worried that it may be a false positive.
However, i've no idea what it's telling me.
On the subject of OWASP, is there a definitive list of what each rule does, but in laymans terms.
Every Google search iv'e done for 958295 comes up with pages of gobbledygook.
A list that went along the lines:
XXXXXX: Protects against backdoor cyber attack
ModSecurity: Access denied with redirection to http://www.mydom.co.uk/ using status 302 (phase 2).
Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection.
[file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"> [line "203"> [id "958295"> [rev "2"> [msg "Multiple/Conflicting Connection Header Data Found."> [data "keep-alive, keep-alive"> [severity "WARNING"> [ver "OWASP_CRS/3.0.0"> [maturity "6"> [accuracy "8"> [tag "Host: www.mydom.co.uk"> [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"> [hostname "www.mydom.co.uk"> [uri "/"> [unique_id "VVTrYtWr3R8AAA1hI-YAAAAD">
[\code]-
Hello, That specific rule is explained on the following third-party URL (Atomicorp rule but it's for the same type of event): Thank you. 0 -
Thanks Michael. This is exactly the type of info i was looking for. Do you know of an OWASP list/wiki. 0
Please sign in to leave a comment.
Comments
3 comments