This Time Self-Hosted
dark mode light mode Search

Help me testing the rules!

I’ve been working even harder to make my ModSecurity ruleset as strong as possible without causing too many false positives. With the current git master I’m sure I can reject most of the spam sources before they hit at all… but.

But I’m not sure if I made it a bit too strong. So please, leave a comment on this post, with as many browsers as you usually use, and if it doesn’t work, drop me an email with your browser’s version (and if you can give me an IP address it’ll be easier to find it in the logs).


Comments 130
  1. Testing using w3m on Linux. w3m is my fallback when I don’t have a GUI or GUI browser on the machine I need to browse from. (If, for example, I can’t just paste a URI to wget…)

  2. Microsoft Internet Explorer 9 … don’t ask! >_<[And this required the rules to be fixed!]

  3. I can’t access your site with Opera on my mobile phone since a couple of weeks now. User Agent is “HTC_Touch_Pro2_T7373 Opera/9.7 (Windows NT 5.1; U; de)”

  4. I think the SecRule in line 38 of “flameeyes_60_fake_browsers.conf”:… is responsible for my problem: “^.+opera[ /][0-9]” -> “Fake Opera browser (not starting with Opera)”

  5. Google Chrome 11 for MacI currently use your ruleset on my website (updated to the master, yesterday afternoon).Thanks for your job 🙂

  6. Konqueror from kde 4.6.1, with OS name added, OS version, platform name, machine and language info omitted, in konqueror’s ID config.

  7. Unfortunately Epiphany (gnome webbrowser, v2.30.6) gives access forbidden when trying to access your blog.I guess you can see the email from this post using Opera on FreeBSD

  8. Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20110322 Firefox/4.0 – default/linux/amd64/10.0/

  9. 403 – Access Denied using Mozilla/5.0 (Windows NT 5.1; rv:2.0) Gecko/20100101 Firefox/4.0 (portableapps version)IE 7 on same machine is ok

  10. Dolphin Browser HD 4.5.0 cyanogenmod 6.1.1-N1Default User AgentMozilla/5.0 (Linux; U; Android 2.2.1; en-us; Nexus One Build/FRG83D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1Desktop user agent emulationMozilla/5.0 (Windows; U; Wind hrome/ Safari/532.5iPhone user agent emulationMozilla/5.0 (iPhone; U; CPU iPhone cko) Version/4.0 Mobile/7A341 Safari/528.16iPad user agent emulationMozilla/5.0 (iPad; U; CPU OS 3_2 like Version/4.0.4 Mobile/7B367 Safari/531.21.10Built in browser that comes with Cyanogen.Mozilla/5.0 (Linux; U; Android 2.2.1; en-us Gecko) Version/4.0 Mobile Safari/533.1

  11. Thanks to everybody! Keep the comments coming! :)germantoo → thanks, yes that was the problem, it should be all fine now; funky, Opera Mini is very different from one device to the next, so everybody who has an Opera Mini at hand are definitely welcome to come posting here!moesasji → Epiphany is indeed not behaving like other WebKit browsers and sends very few headers: no Accept-Language on requests; I had to explicitly whitelist it.richard77 → Thanks! Looks like Accept-Language in Firefox is optional, so I had to avoid that validation… it upsets me a bit honestly, but I’ll live with that for now.Arora → “Bogus Browser of the Year” award goes to Arora indeed… it’s not even a matter of Accept-Language like for Epiphany or Firefox, which are optional on protocol level… Arora doesn’t send the *Accept* header, which is required by the protocol. But it does so only when requesting images, it does send the *Accept* header when requesting the pages, stylesheets and, I guess, scripts. I’m not sure if I want to whitelist such a stupid behaviour.

  12. A honeypot wouldn’t give me any information about false positives, which is what I’m interested in right now 🙂

  13. *moesasji → Epiphany is indeed not behaving like other WebKit browsers and sends very few headers: no Accept-Language on requests; I had to explicitly whitelist it.*Retrying with Epiphany still fails with an “access forbidden” message?

  14. IE 7.0.5370.13WinXP SP3 (workplace pc) Flattr buttons do not appear. 32bit will test some more boxes at home later

  15. Firefox 4 β12, Windows 7 32-bit, Silverlight plugin installed. (I need to upgrade this one…)

  16. Working here Opera/9.80 (X11; Linux x86_64; Sabayon) Presto/2.12.388 Version/12.14

Leave a Reply to FlameeyesCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.