Topic: I cannot access my http? I keep getting a bad request?

[rlttharp]

Hello All,

I am very very new to Linux "but I am really loving it" I have Fedora core 6 along with the latest Apache that I just installed. I set up my http and have been having no problem. I installed phpmyadmin and webmin as well. I I have several urls redirected to my server yet it will not see it I keep getting a bad request? The error log gives me this message

[Wed Jul 04 14:44:53 2007] [error] [client 70.249.189.43] ModSecurity: Access denied with code 400 (phase 1). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "70.249.189.43"] [uri "/petes/"] [unique_id "S7paTQAAAAEAAA9iVB8AAAAB"]

I would really appreciate any help. As I have stated I am an extreme NEWBIE but I am really trying to learn.

[tdonovan]

Fedora Core 6 installs Apache with a very strict set of security rules.

One of these rules prohibits using a numeric IP address instead of your computer name when you request a page.
In other words - you cannot use http://70.249.189.43/petes/ to access your web server. You must use http://computername/petes/ instead.

If you want to remove this rule - try to find where Fedora keeps the mod_security rules. A guess is /etc/httpd/conf.d/modsecurity2/
(...just a guess - this is a mostly-Windows Apache forum, and I don't have Fedora Core 6 to check)

Then find the file modsecurity_crs_21_protocol_anomalies.conf.

Edit this file, find the SecRule which contains id:'960017', and comment it out by putting a # at the beginning of the line.
Then restart Apache.

Good luck,
-tom-

[rlttharp]

Thank you very very much WOW it was so easy LOL! I guess if you know what your doing it helps. It is where you said other than the mod_sec_config program in the cong.d folder call to this folder /etc/httpd/modsecurity.d Thats where I found the file!!!!!!!!!!!! Did what you said and it WORKS! Thank you again very much!

Rich