Recently, with mod_security running on this server, I noticed some errors in the mod_security logs relating to content encoding:
[22/Feb/2010:20:41:06 +0000] [www.pablumfication.co.uk/sid#7f5543997918][rid#7f5543ef1228][/wp-admin/load-styles.php][2] Warning. Operator EQ matched 0 at GLOBAL. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_30_http_policy.conf"] [line "120"] [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
I did a bit of research into the error and found a good post on Klaubert’s Blog, "modsecurity vs content compression", in which he suggests a mod_deflate config. He also mentions the gmane mail archive post "Rule 960903 – content encodings", where the original config is from.
The config file seems to work perfectly, but I thought I would write this post to add a step-by-step guide to making this configuration file work under a standard Ubuntu 9.04 install running mod_security, as it is likely that not all of the required modules will be enabled by default.
First, enable the following modules:
sudo a2enmod ext_filter
sudo a2enmod headers
sudo a2enmod filter
Next, using your favourite editor, open /etc/apache2/mods-enabled/deflate.conf, comment out the existing content, then add the following:
<IfModule mod_deflate.c>
ExtFilterDefine nodeflate mode=output cmd=/bin/true \
enableenv=SomeVarThatWillNeverBeSet
SetOutputFilter DEFLATE
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# IE is ok, but looked like Netscape, so we reset it
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Accept-Encoding gzip force-gzip
SetEnvIfNoCase TE gzip force-gzip
RequestHeader unset Accept-Encoding
RequestHeader unset TE
# Skip images based on extension
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|zip|exe|swf|mpe?g|mp3|tgz|tar\.gz|avi|ico|gz)$ no-gzip dont-vary
# Make sure caching still works
Header append Vary User-Agent env=!dont-vary
<IfModule mod_security2.c>
FilterDeclare modsec CONTENT_SET
FilterProvider modsec modsecurity_out env=modsec-ignore !=1
</IfModule>
FilterDeclare compress CONTENT_SET
FilterProvider compress deflate env=force-gzip =1
#FilterProvider compress inflate Content-Type $image/jpeg
#FilterProvider compress inflate Content-Type $image/gif
#FilterProvider compress inflate Content-Type $image/png
FilterProtocol compress "change=yes"
<IfModule mod_security2.c>
FilterChain modsec compress
</IfModule>
<IfModule !mod_security2.c>
FilterChain compress
</IfModule>
</IfModule>
Lastly, restart Apache:
sudo apache2ctl graceful
And that's it. This should allow mod_security and mod_deflate to run on the server together without errors.
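To confirm the change worked, check that rule 960903 stops firing after the restart. The following is an added example, not part of the original config or of ModSecurity: a shell function that counts hits for a rule id per request path from log lines in the format quoted above, optionally only those at or after a cut-off time. The function names, the sample lines and the YYYYMMDDhhmmss cut-off format are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): count ModSecurity rule hits per
# request path, optionally only at or after a cut-off time.

# Constructed sample lines in the format of the log entry quoted in the post.
# Host name, sid/rid values and rule id 000000 are placeholders.
sample_log() {
cat <<'EOF'
[22/Feb/2010:20:41:06 +0000] [www.example.test/sid#1][rid#a][/wp-admin/load-styles.php][2] Warning. Operator EQ matched 0 at GLOBAL. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
[22/Feb/2010:20:41:09 +0000] [www.example.test/sid#1][rid#b][/wp-admin/load-styles.php][2] Warning. Operator EQ matched 0 at GLOBAL. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
[22/Feb/2010:20:42:00 +0000] [www.example.test/sid#1][rid#c][/index.php][2] Warning. Pattern match at ARGS. [id "000000"] [msg "constructed unrelated rule"] [severity "WARNING"]
[22/Feb/2010:21:05:30 +0000] [www.example.test/sid#1][rid#d][/wp-includes/js/jquery.js][2] Warning. Operator EQ matched 0 at GLOBAL. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
EOF
}

# rule_hits_since RULE_ID [YYYYMMDDhhmmss]
# Reads log lines on stdin and prints "count path", busiest path first.
# The cut-off is compared against the timestamp as logged (time zone ignored).
rule_hits_since() {
    awk -v id="$1" -v since="${2:-0}" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = sprintf("%02d", i)
    }
    # Match the exact tag so that id 960903 does not also match e.g. 9609030.
    index($0, "[id \"" id "\"]") {
        # $1 is "[22/Feb/2010:20:41:06"; build the sortable key 20100222204106.
        split(substr($1, 2), t, "[/:]")
        key = t[3] mon[t[2]] t[1] t[4] t[5] t[6]
        if (key + 0 < since + 0) next
        # Prefix layout: [time] [host/sid#..][rid#..][path][level]
        split($0, part, "\\]\\[")
        hits[part[3]]++
    }
    END { for (p in hits) print hits[p], p }
    ' | sort -k1,1nr -k2
}

# Hits at or after 21:00:00 on 22 Feb 2010, e.g. the time of the restart.
sample_log | rule_hits_since 960903 20100222210000
```

Against a real log, redirect the file into the function and pass the time of the graceful restart as the cut-off; empty output means the rule has not fired since.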