Home/ Questions/Q 8012741
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T19:25:12+00:00

Modsecurity question… What is the REQUEST_METHOD test doing in the following? It appears twice.

  • 0

Modsecurity question…

What is the REQUEST_METHOD test doing in the following? It appears twice.

SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"

SecRule &REQUEST_HEADERS:Accept "@eq 0" \
    "chain,phase:2,skip:1,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule REQUEST_HEADERS:Accept "^$" \
    "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
    "skip:1,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "^$" \
    "t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecMarker 969999

Please, don’t explain the whole thing, I can read everything else. It looks like the REQUEST_METHOD test, however, is some sort of voodoo…

BTW, the test of the Accept is wrong. The Accept option is not mandatory as per HTTP.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Although the Rule SecRule REQUEST_METHOD “!^OPTIONS$” “t:none” appeared twice but each time it is chained with another rule.

    Chain is an action in ModSecurity that combine two or more Rules to form a single Rule.

    1st rule is now:

    SecRule &REQUEST_HEADERS:Accept "@eq 0" \
   "chain,phase:2,skip:1,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"

    2nd rule is now:

    SecRule REQUEST_HEADERS:Accept "^$" \
    "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
    • 0