Need to know more about this Error on httpd.conf

Question

Hi ,

We are trying to use AEM servlet to append few request headers to the CDN where our asset is stored.

When we are trying to download that document following error comes,

[Mon Aug 12 10:03:53.156076 2024] [:error] [pid 1172019:tid 140122938914560] [client 10.9.253.196:53476] [client 10.9.253.196] ModSecurity: Warning. Match of "pmFromFile ./modsecurity_ams_00_author_domains.data" against "REQUEST_HEADERS:Host" required. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_ams_16_r6_pattern_traversal_block_logonly.conf"] [line "33"] [id "230301161"] [msg "[R6-pattern-traversal-block] Logging invalid request against traversals"] [hostname "aem-origin.XXXX.com"] [uri "/bin/mchp/downloadeuladocument.json"] [unique_id "ZrneCeNCct0rXGlACWeG-wAAAAc"], referer: https://www.XXXX.com/en-us/documents-eula-agreement?pathUrl=https://ww1.XXXX.com/downloads/eula/aemdocuments/documents/adaptec/productdocuments/softwarelibraries/xxxxx.tgz

Does anyone knows what is missing in the config ? which can make AEM append headers which inturn allows file to get downloaded.

Thanks,

Any suggestions much appreciated !

Poovitha S

MukeshYadav_ · Accepted Answer

Hi

Seems that request header is block as per modsecurity rules R6-pattern-traversal-block.

You may ask server team to whitelist that header or the expected pattern required as per their configuration in line 33 of conf file

[file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_ams_16_r6_pattern_traversal_block_logonly.conf"] [line "33"

Thanks

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded