Recently with having mod_security running on this server I noticed some errors in the mod_security logs in relation to content encoding

[22/Feb/2010:20:41:06 +0000] [www.pablumfication.co.uk/sid#7f5543997918][rid#7f5543ef1228][/wp-admin/load-styles.php][2] Warning. Operator EQ matched 0 at GLOBAL. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_30_http_policy.conf"] [line "120"] [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]

I did a bit of research into the error and found a good post on Klaubert’s Blog – modsecurity vs content compression he suggests a mod_deflate config. He also mentions gmane Mail Archive Rule 960903 – content encodings post where the orignal config is from.

The config file seems to work perfectly but I just thought I would make this post to add a bit of a step by step to making this configuration file work under a standard Ubuntu 9.04 install running mod_security as it is likely that all the required modules will not be enabled by default.

First enable the following modules

sudo a2enmod ext_filter
sudo a2enmod headers
sudo a2enmod filter

Next using your favourite editor start editing /etc/apache2/mods-enabled/deflate.conf and comment out the existing content then add the following.

<IfModule mod_deflate.c>
 ExtFilterDefine nodeflate mode=output cmd=/bin/true \
 enableenv=SomeVarThatWillNeverBeSet

 SetOutputFilter DEFLATE

 # Netscape 4.x has some problems¦
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 # Netscape 4.06-4.08 have some more problems
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 # IE is ok, but looked like Netscape, so we reset it
 BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

 SetEnvIfNoCase Accept-Encoding gzip force-gzip
 SetEnvIfNoCase TE gzip force-gzip

 RequestHeader unset Accept-Encoding
 RequestHeader unset TE

 # Skip images based on extension
 SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|zip|exe|swf|mp?eg|mp3|tgz|tar.gz|avi|ico|gz)$ no-gzip dont-vary

 # Make sure caching still works
 Header append Vary User-Agent env=!dont-vary

 <IfModule mod_security2.c>
 FilterDeclare modsec CONTENT_SET
 FilterProvider modsec modsecurity_out env=modsec-ignore !=1
 </IfModule>

 FilterDeclare compress CONTENT_SET
 FilterProvider compress deflate env=force-gzip =1
 #FilterProvider compress inflate Content-Type $image/jpeg
 #FilterProvider compress inflate Content-Type $image/gif
 #FilterProvider compress inflate Content-Type $image/png

 FilterProtocol compress "change=yes"
 <IfModule mod_security2.c>
 FilterChain modsec compress
 </IfModule>

 <IfModule !mod_security2.c>
 FilterChain compress
 </IfModule>
</IfModule>

Lastly restart apache

sudo apache2ctl graceful

and thats it done this should allow for mod_security & mod_deflate to run on the server together without erroring.

Share this post

Leave a Reply

CAPTCHA (required) Time limit is exhausted. Please reload CAPTCHA.