Ready to get started?Download WordPress


WordPress HTTPS (SSL)
Missing accept header (1 post)

  1. varunbhardwaj
    Posted 8 months ago #

    I'm using this plugin to make my http://www.domain.com and https://subdomain.domain.com work alongside. I'm also using RAMP Deployment plugin to more the post images from development to live site.

    The problem that i'm facing is, when I use the HTTPS plugin Apache mod security is blocking request on the live server during my deployment for images. Reason been my request is missing an Accept Header. It work if I deactivate the plugin.

    Request example:
    [10/Jun/2014:19:26:19 --0600] U5ewOQoBEC0AACalGqQAAAAK 46449 80
    GET /wp-content/uploads/image.png HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: http://www.domain.com <http://www.domain.com>
    User-Agent: null (FlipboardProxy/1.1; +http://flipboard.com/browserproxy)
    Connection: close

    HTTP/1.1 200 OK
    Last-Modified: Tue, 10 Jun 2014 16:23:52 GMT
    ETag: "1221b1-bf3ab-4fb7dc0ea67d9"
    Accept-Ranges: bytes
    Content-Length: 783275
    Connection: close
    Content-Type: image/png

    Message: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/modsecurity/modsecurity/modsecurity_crs_21_protocol_anomalies.con
    f"] [line "42"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
    Stopwatch: 1402449977958054 1505899 (- - -)
    Stopwatch2: 1402449977958054 1505899; combined=735, p1=1, p2=609, p3=63, p4=36, p5=26, sr=37, sw=0, l=0, gc=0
    Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/).
    Server: Apache



You must log in to post.

About this Plugin

About this Topic

  • RSS feed for this topic
  • Started 8 months ago by varunbhardwaj
  • This topic is not resolved
  • WordPress version: 3.9.1