SpiderLabs / owasp-modsecurity-crs

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

Home Page: https://modsecurity.org/crs

Rules 911100, 949110, 980130: False Positives (paranoia level 1)

vieridipaola opened this issue

Hi,

I'm seeing false positives each time a user legitimately logs out of a web application such as "Apache Guacamole".
This application requires the DELETE method.

Description

ModSecurity Audit:

--18b96d00-A--
[04/Feb/2020:09:39:27 +0100] Xjktv-A4XMHvYwMDNIoJKgAAAAQ 1.2.3.4 25747 4.3.2.1 443
--18b96d00-B--
GET / HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--18b96d00-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"5414-1580395084000"
Last-Modified: Thu, 30 Jan 2020 14:38:04 GMT
Content-Type: text/html
Content-Length: 5414
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

--18b96d00-E--

<title ng-bind="page.title | translate"></title>
    <div ng-if="!fatalError">

        <!-- Content for logged-in users -->
        <div ng-if="!expectedCredentials">

            <!-- Global status/error dialog -->
            <div ng-class="{shown: guacNotification.getStatus()}" class="status-outer">
                <div class="status-middle">
                    <guac-notification notification="guacNotification.getStatus()"></guac-notification>
                </div>
            </div>

            <div id="content" ng-view>
            </div>

        </div>

        <!-- Login screen for logged-out users -->
        <guac-login ng-show="expectedCredentials"
                    help-text="loginHelpText"
                    form="expectedCredentials"
                    values="acceptedCredentials"></guac-login>

    </div>

    <!-- Absolute fatal error -->
    <div ng-if="fatalError" ng-class="{shown: fatalError}" class="fatal-page-error-outer">
        <div class="fatal-page-error-middle">
            <div class="fatal-page-error">
                <h1 translate="APP.DIALOG_HEADER_ERROR"></h1>
                <p translate="APP.ERROR_PAGE_UNAVAILABLE"></p>
            </div>
        </div>
    </div>

    <!-- Reformat URL for AngularJS if query parameters are present -->
    <script type="text/javascript" src="relocateParameters.js"></script>

    <!-- Utility libraries -->
    <script type="text/javascript" src="webjars/jquery/3.3.1/dist/jquery.min.js"></script>
    <script type="text/javascript" src="webjars/lodash/4.17.10/dist/lodash.min.js"></script>

    <!-- AngularJS -->
    <script type="text/javascript" src="webjars/angular/1.6.9/angular.min.js"></script>
    <script type="text/javascript" src="webjars/angular-route/1.6.9/angular-route.min.js"></script>
    <script type="text/javascript" src="webjars/angular-touch/1.6.9/angular-touch.min.js"></script>

    <!-- Internationalization -->
    <script type="text/javascript" src="webjars/messageformat/1.0.2/messageformat.min.js"></script>
    <script type="text/javascript" src="webjars/angular-translate/2.16.0/angular-translate.min.js"></script>
    <script type="text/javascript" src="webjars/angular-translate-interpolation-messageformat/2.16.0/angular-translate-interpolation-messageformat.min.js"></script>
    <script type="text/javascript" src="webjars/angular-translate-loader-static-files/2.16.0/angular-translate-loader-static-files.min.js"></script>

    <!-- JSTZ -->
    <script type="text/javascript" src="webjars/jstz/1.0.10/dist/jstz.min.js"></script>

    <!-- Pickr (color picker) -->
    <script type="text/javascript" src="webjars/simonwep__pickr/1.2.6/dist/pickr.es5.min.js"></script>

    <!-- Polyfills for the "datalist" element, Blob and the FileSaver API -->
    <script type="text/javascript" src="webjars/blob-polyfill/1.0.20150320/Blob.js"></script>
    <script type="text/javascript" src="webjars/datalist-polyfill/1.14.0/datalist-polyfill.min.js"></script>
    <script type="text/javascript" src="webjars/filesaver/1.3.3/FileSaver.min.js"></script>

    <!-- Allow arbitrary ordering of Angular module creation and retrieval -->
    <script type="text/javascript" src="webjars/angular-module-shim/0.0.4/angular-module-shim.js"></script>

    <!-- Web application -->
    <script type="text/javascript" src="app.js?v=1.1.0"></script>

</body>

--18b96d00-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Initial (No.1) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/ to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/ to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805567082859 11556 (- - -)
Stopwatch2: 1580805567082859 11556; combined=3443, p1=613, p2=561, p3=49, p4=2152, p5=68, sr=127, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--18b96d00-Z--

--9bfe6b67-A--
[04/Feb/2020:09:39:27 +0100] Xjktv-A4XMHvYwMDNIoJKwAAAAQ 1.2.3.4 25747 4.3.2.1 443
--9bfe6b67-B--
GET /webjars/simonwep__pickr/1.2.6/dist/themes/monolith.min.css HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--9bfe6b67-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
ETag: monolith.min.css_1.2.6
Expires: Wed, 05 Feb 2020 08:39:27 GMT
Last-Modified: Wed, 05 Feb 2020 08:39:27 GMT
Cache-Control: private, max-age=86400
Content-Type: text/css
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

--9bfe6b67-E--

--9bfe6b67-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.2) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/webjars/simonwep__pickr/1.2.6/dist/themes/monolith.min.css to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/webjars/simonwep__pickr/1.2.6/dist/themes/monolith.min.css to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805567224951 2741 (- - -)
Stopwatch2: 1580805567224951 2741; combined=889, p1=238, p2=404, p3=58, p4=120, p5=69, sr=55, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--9bfe6b67-Z--

--82f12272-A--
[04/Feb/2020:09:39:27 +0100] Xjktv-A4XMHvYwMDNIoJLAAAAAQ 1.2.3.4 25747 4.3.2.1 443
--82f12272-B--
GET /app.css?v=1.1.0 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--82f12272-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 03 Feb 2020 11:50:07 GMT
Content-Type: text/css
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

--82f12272-E--

--82f12272-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.3) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/app.css?v=1.1.0 to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/app.css?v=1.1.0 to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805567387484 2785 (- - -)
Stopwatch2: 1580805567387484 2785; combined=1196, p1=433, p2=544, p3=37, p4=130, p5=52, sr=105, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--82f12272-Z--

--31a0b819-A--
[04/Feb/2020:09:39:28 +0100] XjktwPA4XMHvYwMDNIoJLQAAAAQ 1.2.3.4 25747 4.3.2.1 443
--31a0b819-B--
GET /api/languages HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--31a0b819-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked

--31a0b819-E--

--31a0b819-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.4) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/languages to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/languages to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805568548278 5435 (- - -)
Stopwatch2: 1580805568548278 5435; combined=1356, p1=578, p2=558, p3=43, p4=115, p5=62, sr=120, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--31a0b819-Z--

--9bfe6b67-A--
[04/Feb/2020:09:39:28 +0100] XjktwJ3txajrA-xlLqTeHQAAAAE 1.2.3.4 25751 4.3.2.1 443
--9bfe6b67-B--
POST /api/tokens HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Content-Length: 0
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Content-Type: application/x-www-form-urlencoded
Origin: https://gw.mydomain.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--9bfe6b67-C--

--9bfe6b67-F--
HTTP/1.1 403
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

--9bfe6b67-E--

--9bfe6b67-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Initial (No.1) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/tokens to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/tokens to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805568559078 16900 (- - -)
Stopwatch2: 1580805568559078 16900; combined=1797, p1=699, p2=886, p3=34, p4=100, p5=78, sr=158, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--9bfe6b67-Z--

--b4481044-A--
[04/Feb/2020:09:39:28 +0100] XjktwPA4XMHvYwMDNIoJLgAAAAQ 1.2.3.4 25747 4.3.2.1 443
--b4481044-B--
GET /api/patches HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--b4481044-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked

--b4481044-E--

--b4481044-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.5) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/patches to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/patches to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805568605104 2043 (- - -)
Stopwatch2: 1580805568605104 2043; combined=847, p1=289, p2=426, p3=25, p4=58, p5=49, sr=61, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--b4481044-Z--

--752f982a-A--
[04/Feb/2020:09:39:28 +0100] XjktwPA4XMHvYwMDNIoJLwAAAAQ 1.2.3.4 25747 4.3.2.1 443
--752f982a-B--
GET /translations/en.json HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--752f982a-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 03 Feb 2020 11:50:07 GMT
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked

--752f982a-E--

--752f982a-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.6) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/translations/en.json to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/translations/en.json to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805568694288 2401 (- - -)
Stopwatch2: 1580805568694288 2401; combined=1241, p1=405, p2=618, p3=41, p4=106, p5=70, sr=90, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--752f982a-Z--

--82f12272-A--
[04/Feb/2020:09:39:28 +0100] XjktwJ3txajrA-xlLqTeHgAAAAE 1.2.3.4 25751 4.3.2.1 443
--82f12272-B--
GET /images/logo-144.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--82f12272-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 03 Feb 2020 11:50:07 GMT
Content-Type: image/png
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

--82f12272-E--

--82f12272-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.2) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/logo-144.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/logo-144.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805568726494 2096 (- - -)
Stopwatch2: 1580805568726494 2096; combined=822, p1=211, p2=359, p3=52, p4=107, p5=93, sr=56, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--82f12272-Z--

--31a0b819-A--
[04/Feb/2020:09:39:28 +0100] XjktwJ3txajrA-xlLqTeHwAAAAE 1.2.3.4 25751 4.3.2.1 443
--31a0b819-B--
GET /images/logo-144.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--31a0b819-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 03 Feb 2020 11:50:07 GMT
Content-Type: image/png
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

--31a0b819-E--

--31a0b819-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.3) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/logo-144.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/logo-144.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805568828747 2039 (- - -)
Stopwatch2: 1580805568828747 2039; combined=798, p1=244, p2=339, p3=46, p4=101, p5=68, sr=47, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--31a0b819-Z--

--d616100e-A--
[04/Feb/2020:09:39:41 +0100] Xjkty-A4XMHvYwMDNIoJMAAAAAQ 1.2.3.4 25747 4.3.2.1 443
--d616100e-B--
POST /api/tokens HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Content-Length: 39
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Content-Type: application/x-www-form-urlencoded
Origin: https://gw.mydomain.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--d616100e-C--
username=vdipaola&password=len01cha2020
--d616100e-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked

--d616100e-E--

--d616100e-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.7) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/tokens to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/tokens to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805579745203 1446384 (- - -)
Stopwatch2: 1580805579745203 1446384; combined=1579, p1=518, p2=849, p3=46, p4=99, p5=67, sr=121, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--d616100e-Z--

--601bee42-A--
[04/Feb/2020:09:39:41 +0100] XjktzfA4XMHvYwMDNIoJMQAAAAQ 1.2.3.4 25747 4.3.2.1 443
--601bee42-B--
POST /api/tokens HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Content-Length: 70
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Content-Type: application/x-www-form-urlencoded
Origin: https://gw.mydomain.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--601bee42-C--
token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7
--601bee42-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked

--601bee42-E--

--601bee42-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.8) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/tokens to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/tokens to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805581457641 3422 (- - -)
Stopwatch2: 1580805581457641 3422; combined=1509, p1=538, p2=729, p3=53, p4=118, p5=71, sr=122, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--601bee42-Z--

--b4481044-A--
[04/Feb/2020:09:39:41 +0100] XjktzZ3txajrA-xlLqTeIAAAAAE 1.2.3.4 25751 4.3.2.1 443
--b4481044-B--
GET /api/patches?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--b4481044-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked

--b4481044-E--

--b4481044-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.4) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/patches?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/patches?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805581485843 2951 (- - -)
Stopwatch2: 1580805581485843 2951; combined=1349, p1=453, p2=737, p3=26, p4=67, p5=65, sr=112, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--b4481044-Z--

--752f982a-A--
[04/Feb/2020:09:39:41 +0100] XjktzZ3txajrA-xlLqTeIQAAAAE 1.2.3.4 25751 4.3.2.1 443
--752f982a-B--
GET /api/session/data/ldap/connectionGroups/ROOT/tree?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--752f982a-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked

--752f982a-E--

--752f982a-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.5) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/session/data/ldap/connectionGroups/ROOT/tree?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/session/data/ldap/connectionGroups/ROOT/tree?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805581562187 3175 (- - -)
Stopwatch2: 1580805581562187 3175; combined=1130, p1=309, p2=597, p3=45, p4=104, p5=75, sr=59, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--752f982a-Z--

--c239252e-A--
[04/Feb/2020:09:39:41 +0100] XjktzfA4XMHvYwMDNIoJMgAAAAQ 1.2.3.4 25747 4.3.2.1 443
--c239252e-B--
GET /api/session/data/ldap/self/permissions?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--c239252e-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked

--c239252e-E--

--c239252e-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.9) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/session/data/ldap/self/permissions?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/session/data/ldap/self/permissions?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805581570399 3031 (- - -)
Stopwatch2: 1580805581570399 3031; combined=1000, p1=286, p2=578, p3=30, p4=56, p5=50, sr=61, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--c239252e-Z--

--03166323-A--
[04/Feb/2020:09:39:41 +0100] XjktzfA4XMHvYwMDNIoJMwAAAAQ 1.2.3.4 25747 4.3.2.1 443
--03166323-B--
GET /images/progress.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--03166323-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"473-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 473
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=91
Connection: Keep-Alive

--03166323-E--

--03166323-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.10) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/progress.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/progress.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805581986875 2083 (- - -)
Stopwatch2: 1580805581986875 2083; combined=839, p1=269, p2=393, p3=34, p4=80, p5=63, sr=55, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--03166323-Z--

--02ff6a66-A--
[04/Feb/2020:09:39:42 +0100] XjktzvA4XMHvYwMDNIoJNAAAAAQ 1.2.3.4 25747 4.3.2.1 443
--02ff6a66-B--
GET /api/session/data/ldap/users/vdipaola?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--02ff6a66-F--
HTTP/1.1 404
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked

--02ff6a66-E--

--02ff6a66-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.11) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/session/data/ldap/users/vdipaola?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/session/data/ldap/users/vdipaola?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582097497 2865 (- - -)
Stopwatch2: 1580805582097497 2865; combined=1228, p1=460, p2=601, p3=30, p4=73, p5=64, sr=105, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--02ff6a66-Z--

--d616100e-A--
[04/Feb/2020:09:39:42 +0100] Xjktzp3txajrA-xlLqTeIgAAAAE 1.2.3.4 25751 4.3.2.1 443
--d616100e-B--
GET /api/session/data/ldap/self/effectivePermissions?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--d616100e-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked

--d616100e-E--

--d616100e-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.6) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/session/data/ldap/self/effectivePermissions?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/session/data/ldap/self/effectivePermissions?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582107299 4282 (- - -)
Stopwatch2: 1580805582107299 4282; combined=1203, p1=313, p2=644, p3=66, p4=109, p5=71, sr=67, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--d616100e-Z--

--601bee42-A--
[04/Feb/2020:09:39:42 +0100] Xjktzp3txajrA-xlLqTeIwAAAAE 1.2.3.4 25751 4.3.2.1 443
--601bee42-B--
GET /api/session/data/ldap/activeConnections?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--601bee42-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked

--601bee42-E--

--601bee42-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.7) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/session/data/ldap/activeConnections?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/session/data/ldap/activeConnections?token=3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582285853 2350 (- - -)
Stopwatch2: 1580805582285853 2350; combined=1207, p1=342, p2=730, p3=30, p4=57, p5=48, sr=66, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--601bee42-Z--

--c239252e-A--
[04/Feb/2020:09:39:42 +0100] Xjktzp3txajrA-xlLqTeJAAAAAE 1.2.3.4 25751 4.3.2.1 443
--c239252e-B--
GET /images/user-icons/guac-user.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--c239252e-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"1049-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 1049
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive

--c239252e-E--

--c239252e-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.8) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/user-icons/guac-user.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/user-icons/guac-user.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582585907 2100 (- - -)
Stopwatch2: 1580805582585907 2100; combined=959, p1=364, p2=367, p3=45, p4=98, p5=84, sr=101, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--c239252e-Z--

--f3d75837-A--
[04/Feb/2020:09:39:42 +0100] XjktzvA4XMHvYwMDNIoJNQAAAAQ 1.2.3.4 25747 4.3.2.1 443
--f3d75837-B--
GET /images/arrows/down.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--f3d75837-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"282-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 282
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=89
Connection: Keep-Alive

--f3d75837-E--

--f3d75837-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.12) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/arrows/down.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/arrows/down.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582585164 2979 (- - -)
Stopwatch2: 1580805582585164 2979; combined=1010, p1=300, p2=414, p3=59, p4=134, p5=103, sr=63, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--f3d75837-Z--

--03166323-A--
[04/Feb/2020:09:39:42 +0100] Xjktzp3txajrA-xlLqTeJQAAAAE 1.2.3.4 25751 4.3.2.1 443
--03166323-B--
GET /images/action-icons/guac-logout-dark.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--03166323-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"1032-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 1032
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=92
Connection: Keep-Alive

--03166323-E--

--03166323-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.9) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/action-icons/guac-logout-dark.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/action-icons/guac-logout-dark.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582678105 1603 (- - -)
Stopwatch2: 1580805582678105 1603; combined=794, p1=262, p2=380, p3=25, p4=62, p5=65, sr=58, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--03166323-Z--

--62f6d671-A--
[04/Feb/2020:09:39:42 +0100] XjktzvA4XMHvYwMDNIoJNgAAAAQ 1.2.3.4 25747 4.3.2.1 443
--62f6d671-B--
GET /images/magnifier.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--62f6d671-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"1058-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 1058
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=88
Connection: Keep-Alive

--62f6d671-E--

--62f6d671-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.13) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/magnifier.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/magnifier.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582677504 2312 (- - -)
Stopwatch2: 1580805582677504 2312; combined=1189, p1=506, p2=538, p3=33, p4=61, p5=51, sr=106, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--62f6d671-Z--

--02ff6a66-A--
[04/Feb/2020:09:39:42 +0100] Xjktzp3txajrA-xlLqTeJgAAAAE 1.2.3.4 25751 4.3.2.1 443
--02ff6a66-B--
GET /images/protocol-icons/guac-text.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--02ff6a66-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"792-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 792
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=91
Connection: Keep-Alive

--02ff6a66-E--

--02ff6a66-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.10) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/protocol-icons/guac-text.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/protocol-icons/guac-text.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582748073 2389 (- - -)
Stopwatch2: 1580805582748073 2389; combined=1038, p1=298, p2=538, p3=55, p4=90, p5=56, sr=61, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--02ff6a66-Z--

--e235b77e-A--
[04/Feb/2020:09:39:42 +0100] XjktzvA4XMHvYwMDNIoJNwAAAAQ 1.2.3.4 25747 4.3.2.1 443
--e235b77e-B--
GET /images/protocol-icons/guac-monitor.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--e235b77e-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"691-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 691
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=87
Connection: Keep-Alive

--e235b77e-E--

--e235b77e-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.14) HTTPS request received for child 4 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/protocol-icons/guac-monitor.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/protocol-icons/guac-monitor.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582761721 1762 (- - -)
Stopwatch2: 1580805582761721 1762; combined=785, p1=247, p2=378, p3=33, p4=68, p5=58, sr=50, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--e235b77e-Z--

--f3d75837-A--
[04/Feb/2020:09:39:42 +0100] Xjktzp3txajrA-xlLqTeJwAAAAE 1.2.3.4 25751 4.3.2.1 443
--f3d75837-B--
GET /images/action-icons/guac-home-dark.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--f3d75837-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"780-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 780
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=90
Connection: Keep-Alive

--f3d75837-E--

--f3d75837-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.11) HTTPS request received for child 1 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/action-icons/guac-home-dark.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/action-icons/guac-home-dark.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582821035 2105 (- - -)
Stopwatch2: 1580805582821035 2105; combined=959, p1=320, p2=460, p3=34, p4=81, p5=63, sr=71, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--f3d75837-Z--

--0d304619-A--
[04/Feb/2020:09:39:42 +0100] XjktzqHdiT4yD8UE-eGKQgAAAAc 1.2.3.4 25762 4.3.2.1 443
--0d304619-B--
GET /images/action-icons/guac-config-dark.png HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://gw.mydomain.org/app.css?v=1.1.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--0d304619-F--
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ETag: W/"966-1580394902000"
Last-Modified: Thu, 30 Jan 2020 14:35:02 GMT
Content-Type: image/png
Content-Length: 966
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

--0d304619-E--

--0d304619-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Initial (No.1) HTTPS request received for child 7 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/images/action-icons/guac-config-dark.png to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/images/action-icons/guac-config-dark.png to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805582820634 14696 (- - -)
Stopwatch2: 1580805582820634 14696; combined=969, p1=349, p2=412, p3=52, p4=108, p5=48, sr=81, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--0d304619-Z--

--ccb7f952-A--
[04/Feb/2020:09:39:45 +0100] Xjkt0aHdiT4yD8UE-eGKQwAAAAc 1.2.3.4 25762 4.3.2.1 443
--ccb7f952-B--
DELETE /api/tokens/3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7 HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Origin: https://gw.mydomain.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--ccb7f952-F--
HTTP/1.1 403 Forbidden
X-Frame-Options: SAMEORIGIN
Content-Length: 199
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

--ccb7f952-E--

<title>403 Forbidden</title>

Forbidden

You don't have permission to access this resource.

--ccb7f952-H--
Message: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "DELETE"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"]
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.2) HTTPS request received for child 7 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1.2.3.4] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "DELETE"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "gw.mydomain.org"] [uri "/api/tokens/3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7"] [unique_id "Xjkt0aHdiT4yD8UE-eGKQwAAAAc"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gw.mydomain.org"] [uri "/api/tokens/3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7"] [unique_id "Xjkt0aHdiT4yD8UE-eGKQwAAAAc"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1.2.3.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "gw.mydomain.org"] [uri "/api/tokens/3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7"] [unique_id "Xjkt0aHdiT4yD8UE-eGKQwAAAAc"]
Action: Intercepted (phase 2)
Apache-Handler: proxy-server
Stopwatch: 1580805585665721 1169 (- - -)
Stopwatch2: 1580805585665721 1169; combined=879, p1=304, p2=493, p3=0, p4=0, p5=82, sr=68, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--ccb7f952-Z--

--c4e92139-A--
[04/Feb/2020:09:39:45 +0100] Xjkt0aHdiT4yD8UE-eGKRAAAAAc 1.2.3.4 25762 4.3.2.1 443
--c4e92139-B--
POST /api/tokens HTTP/1.1
Host: gw.mydomain.org
Connection: keep-alive
Content-Length: 0
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Linux; Android 9; S40) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36
Content-Type: application/x-www-form-urlencoded
Origin: https://gw.mydomain.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://gw.mydomain.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8

--c4e92139-C--

--c4e92139-F--
HTTP/1.1 403
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

--c4e92139-E--

--c4e92139-H--
Apache-Error: [file "ssl_engine_kernel.c"] [line 376] [level 7] AH02034: Subsequent (No.3) HTTPS request received for child 7 (server gw.mydomain.org:443)
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of Require all granted: granted
Apache-Error: [file "mod_authz_core.c"] [line 817] [level 7] AH01626: authorization result of : granted
Apache-Error: [file "mod_proxy.c"] [line 1247] [level 7] AH01143: Running scheme https handler (attempt 0)
Apache-Error: [file "proxy_util.c"] [line 2379] [level 7] AH00944: connecting https://localhost:8443/sg/api/tokens to localhost:8443
Apache-Error: [file "proxy_util.c"] [line 2588] [level 7] AH00947: connected /sg/api/tokens to localhost:8443
Apache-Handler: proxy-server
Stopwatch: 1580805585738184 4122 (- - -)
Stopwatch2: 1580805585738184 4122; combined=1485, p1=586, p2=676, p3=48, p4=102, p5=72, sr=134, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--c4e92139-Z--

Audit Logs / Triggered Rule Numbers

Here is my reverse proxy log with ModSecurity messages:

[Tue Feb 04 09:39:45.666250 2020] [:error] [pid 13371] [client 1.2.3.4:25762] [client 1.2.3.4] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "DELETE"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "gw.mydomain.org"] [uri "/api/tokens/3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7"] [unique_id "Xjkt0aHdiT4yD8UE-eGKQwAAAAc"], referer: https://gw.mydomain.org/
[Tue Feb 04 09:39:45.666685 2020] [:error] [pid 13371] [client 1.2.3.4:25762] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gw.mydomain.org"] [uri "/api/tokens/3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7"] [unique_id "Xjkt0aHdiT4yD8UE-eGKQwAAAAc"], referer: https://gw.mydomain.org/
[Tue Feb 04 09:39:45.666818 2020] [:error] [pid 13371] [client 1.2.3.4:25762] [client 1.2.3.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "gw.mydomain.org"] [uri "/api/tokens/3FBB792067A12678DFF2405B1C3CEB22939E1FD74DB0920364C28F2A7019A9A7"] [unique_id "Xjkt0aHdiT4yD8UE-eGKQwAAAAc"], referer: https://gw.mydomain.org/

Your Environment

  • CRS version (e.g., v3.2.0): 3.2.0
  • Paranoia level setting: undefined (so defaults to 1)
  • ModSecurity version (e.g., 2.9.3): 2.9.3
  • Web Server and version (e.g., apache 2.4.41): apache-2.4.41
  • Operating System and version: Gentoo Linux (current stable)

Confirmation

[X] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.

Regards,

Vieri

Hi there, the rule alert says the following:

  • ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD"
  • Method is not allowed by policy

So the DELETE method is not allowed based on your configuration.

You should add DELETE to the list of allowed methods in rule 900200 in your crs-setup.conf. The rule is commented out by default. So activate the rule and add the method to the tx.allowed_methods variable.
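The change described above, as an added example that is not part of the original comment or the project's own files. Option A is the 900200 block from crs-setup.conf uncommented with DELETE appended. Option B is an assumption beyond the reply: a hypothetical rule (id 10001, chosen here from the range left for local rules) that permits DELETE only under /api/tokens/, the URI shown in the log.

```apache
# Use ONE of the two options below, not both.

# --- Option A: crs-setup.conf -------------------------------------------
# Rule 900200 ships commented out. Uncomment it and append DELETE.
# This allows DELETE on every URI served through this vhost.
SecAction \
 "id:900200,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS DELETE'"

# --- Option B: REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf --------------
# Narrower alternative (assumption, not from the thread): leave the global
# list untouched and widen it only for the Guacamole token endpoint seen
# in the log, /api/tokens/<token>. The rule id 10001 is a placeholder;
# pick any id that is unused in your local rule range.
# The rule runs in phase 1 and is loaded after crs-setup.conf and before
# the CRS rule files, so it is evaluated before 911100 checks
# REQUEST_METHOD against tx.allowed_methods.
SecRule REQUEST_URI "@beginsWith /api/tokens/" \
    "id:10001,\
    phase:1,\
    pass,\
    nolog,\
    t:none,\
    setvar:'tx.allowed_methods=GET HEAD POST OPTIONS DELETE'"
```

After reloading Apache, a logout should no longer produce 911100 in the error log, and a DELETE to any other path should still be logged and blocked when Option B is used.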