[error] [client] ModSecurity: Access denied with code 400 (phase 2). Pattern match __^[\\\\d\\\\.]+$__ at REQUEST_HEADERS:Ho

by Anonymous on 13 Feb 2009

I'm running fedora 10 and it seems apache's mod_security is having an issue with loading videos from localhost ip I get that error about unable to load video, etc.

I ran tail -f /var/log/httpd/error_log.

Here's my apache info from the log:

Apache/2.2.10 (Unix) DAV/2 PHP/5.2.6 mod_ssl/2.2.10 OpenSSL/0.9.8g Apache/2.2.0 (Fedora) configured.

The interesting error I am getting is as follows:

[error] [client] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname ""] [uri "/videocache/youtube/sY7aYXY9TQo"] [unique_id "SZTPnH8AAAEAAEAVQigAAAAA"].

The work around I did was to comment out line 60 from /etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf.:

# Check that the host header is not an IP address 
#SecRule REQUEST_HEADERS:Host "^[\\d\\.]+$" "phase:2,t:none,deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',id:'960017',ta#g:'PROTOCOL_VIOLATION/IP_HOST'".

That works, the videos will load from, but I don't like changing mod_security because I'm an apache noob.

Is this a know issue? Know of a better solution for me?

I don't know if this is relevant but my /etc/hosts file is as follows:

# Do not remove the following line, or various programs
# that require network functionality will fail.       localhost.localdomain localhost localhost
::1     localhost6.localdomain6 localhost6

1 Answers

by Kulbir Saini on 13 Feb 2009


That should not be an issue. But if you still find that scary, you can set cache_host to localhost instead of . I think that should solve the problem.

Thank you for using videocache :)

You need to sign in. Please sign in to add answer to this question.