Hi,

I have problem, we install mod_security on out proxy server between zimbra server and users.


Server -> apche proxy + mod security <- remote users


We use default settings on mod security and getting problem on Ajax Zimbra.

We getting security alert:
PHP Code:
[06/Jan/2009:14:01:52 +0100] [zzzz.info/sid#8xxxx0][rid#a9xxx0][/service/soap/SearchRequest][1] Access denied with code 501 (phase 2). Match of "rx (?:^(?:application\\/x-www-form-urlencoded(?:;(?:\\s?charset\\s?=\\s?[\\w\\d\\-]{1,18})?)??$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-Type" required. [file "/etc/modsecurity2/modsecurity_crs_30_http_policy.conf"] [line "69"] [id "960010"] [msg "Request content type is not allowed by policy"] [severity "WARNING"] [tag "POLICY/ENCODING_NOT_ALLOWED"] 

And this is the rule line:

PHP Code:
SecRule REQUEST_METHOD "!^(?:get|head|propfind|options)$" \
    
"phase:2,chain,t:none,t:lowercase,deny,log,auditlog,status:501,msg:'Request content type is not allowed by policy',id:'960010',tag:'POLICY/ENCODING_NOT_ALLOWED',severity:'4'"
SecRule REQUEST_HEADERS:Content-Type "!(?:^(?:application\/x-www-form-urlencoded(?:;(?:\s?charset\s?=\s?[\w\d\-]{1,18})?)??$|multipart/form-data;)|text/xml)" "t:none" 
Could you help us, to change It, we need Zimbra Ajax working...

Regards