WordPress HTTPS (SSL)
Missing accept header (1 post)

  1. varunbhardwaj
    Posted 1 year ago #

    I'm using this plugin to make my http://www.domain.com and https://subdomain.domain.com work alongside. I'm also using RAMP Deployment plugin to more the post images from development to live site.

    The problem that i'm facing is, when I use the HTTPS plugin Apache mod security is blocking request on the live server during my deployment for images. Reason been my request is missing an Accept Header. It work if I deactivate the plugin.

    Request example:
    [10/Jun/2014:19:26:19 --0600] U5ewOQoBEC0AACalGqQAAAAK 46449 80
    GET /wp-content/uploads/image.png HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: http://www.domain.com <http://www.domain.com>
    User-Agent: null (FlipboardProxy/1.1; +http://flipboard.com/browserproxy)
    Connection: close

    HTTP/1.1 200 OK
    Last-Modified: Tue, 10 Jun 2014 16:23:52 GMT
    ETag: "1221b1-bf3ab-4fb7dc0ea67d9"
    Accept-Ranges: bytes
    Content-Length: 783275
    Connection: close
    Content-Type: image/png

    Message: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/modsecurity/modsecurity/modsecurity_crs_21_protocol_anomalies.con
    f"] [line "42"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
    Stopwatch: 1402449977958054 1505899 (- - -)
    Stopwatch2: 1402449977958054 1505899; combined=735, p1=1, p2=609, p3=63, p4=36, p5=26, sr=37, sw=0, l=0, gc=0
    Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/).
    Server: Apache


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WordPress HTTPS (SSL)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic