[RCD] [RCU] recurring problem at the level of authentication and total absence of log

chasd chasd at silveroaks.com
Wed Nov 25 17:30:21 CET 2009

Sorry I was too busy yesterday to respond to your post on RCU.
When I glanced at your post, I thought it might be mod_security  
causing the issue.

>> [file
>> "/etc/httpd/modsecurity.d/ 
>> modsecurity_crs_21_protocol_anomalies.conf"]
>> [line "41"] [id "960015"] [msg "Reque
>> st Missing an Accept Header"] [severity "CRITICAL"]
>> "roundcube.renelacrout
>> e.fr"] [uri "/"] [unique_id "bdt3UVdiuugAAHbbVjAAAAAA"]
>> [Mon Nov 23 00:54:27 2009] [error] [client] ModSecurity:
>> Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD
>> " required.

There are several errors related to this.
Some Googling indicates a header needs to be added to the output.

A quick search indicates several files that would need to be modified :

[chasd at mail roundcube]$ find . -name '*.php' -exec grep -l "header 
('Content-Type:" {} \;

This page :

indicates this line should be added to each of those files after the  
content type header :

header('Accept: text/xml');

As for the

>> Match of "rx ^OPTIONS$" against "REQUEST_METHOD"

that is a warning and shouldn't impact the functionality of RoundCube.
I did not find a fix for that warning, and I'm not familiar enough  
with mod_security to know exactly what it is complaining about.

My Google search indicates that other web apps that control their  
headers run into this issue with mod_security, notably Gallery2.

Charles Dostale
System Admin - Silver Oaks Communications
824 17th Street, Moline  IL  61265

List info: http://lists.roundcube.net/dev/

More information about the Dev mailing list