Request Missing a User Agent Header

Clash Royale CLAN TAG#URR8PPP

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;

up vote
2
down vote

favorite

I activated ModSecurity on a cheap web hosting but I have no control over it: that is, the only thing the service provider lets you do is reading logs but, unfortunately, you can't really configure ModSecurity yourself.

This morning I found this log:

[Sun Sep 16 16:50:31 2018] 
[error] 
[client 214.250.181.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] 
[line "65"] 
[id "960009"] 
[rev "2.1.1"] 
[msg "Request Missing a User Agent Header"] 
[severity "NOTICE"] 
[tag "PROTOCOL_VIOLATION/MISSING_HEADER_UA"] 
[tag "WASCTC/WASC-21"] 
[tag "OWASP_TOP_10/A7"] 
[tag "PCI/6.5.10"] 
[hostname "www.example.com"] 
[uri "/firepro/newfile.txt"] 

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents. This error breaks a Wordpress widget and renders it useless (it doesn't display any content, since the content is provided by the txt file overwritten every hour by PHP with the help of a cronjob).

What header is ModSecurity expecting? Why do I need to specify a User Agent header?

http-headers mod-security

share|improve this question

asked 3 hours ago

Ian Bell

1235

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
2
down vote

favorite

I activated ModSecurity on a cheap web hosting but I have no control over it: that is, the only thing the service provider lets you do is reading logs but, unfortunately, you can't really configure ModSecurity yourself.

This morning I found this log:

[Sun Sep 16 16:50:31 2018] 
[error] 
[client 214.250.181.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] 
[line "65"] 
[id "960009"] 
[rev "2.1.1"] 
[msg "Request Missing a User Agent Header"] 
[severity "NOTICE"] 
[tag "PROTOCOL_VIOLATION/MISSING_HEADER_UA"] 
[tag "WASCTC/WASC-21"] 
[tag "OWASP_TOP_10/A7"] 
[tag "PCI/6.5.10"] 
[hostname "www.example.com"] 
[uri "/firepro/newfile.txt"] 

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents. This error breaks a Wordpress widget and renders it useless (it doesn't display any content, since the content is provided by the txt file overwritten every hour by PHP with the help of a cronjob).

What header is ModSecurity expecting? Why do I need to specify a User Agent header?

http-headers mod-security

share|improve this question

asked 3 hours ago

Ian Bell

1235

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
2
down vote

favorite

up vote
2
down vote

favorite

I activated ModSecurity on a cheap web hosting but I have no control over it: that is, the only thing the service provider lets you do is reading logs but, unfortunately, you can't really configure ModSecurity yourself.

This morning I found this log:

[Sun Sep 16 16:50:31 2018] 
[error] 
[client 214.250.181.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] 
[line "65"] 
[id "960009"] 
[rev "2.1.1"] 
[msg "Request Missing a User Agent Header"] 
[severity "NOTICE"] 
[tag "PROTOCOL_VIOLATION/MISSING_HEADER_UA"] 
[tag "WASCTC/WASC-21"] 
[tag "OWASP_TOP_10/A7"] 
[tag "PCI/6.5.10"] 
[hostname "www.example.com"] 
[uri "/firepro/newfile.txt"] 

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents. This error breaks a Wordpress widget and renders it useless (it doesn't display any content, since the content is provided by the txt file overwritten every hour by PHP with the help of a cronjob).

What header is ModSecurity expecting? Why do I need to specify a User Agent header?

http-headers mod-security

share|improve this question

asked 3 hours ago

Ian Bell

1235

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

I activated ModSecurity on a cheap web hosting but I have no control over it: that is, the only thing the service provider lets you do is reading logs but, unfortunately, you can't really configure ModSecurity yourself.

This morning I found this log:

[Sun Sep 16 16:50:31 2018] 
[error] 
[client 214.250.181.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] 
[line "65"] 
[id "960009"] 
[rev "2.1.1"] 
[msg "Request Missing a User Agent Header"] 
[severity "NOTICE"] 
[tag "PROTOCOL_VIOLATION/MISSING_HEADER_UA"] 
[tag "WASCTC/WASC-21"] 
[tag "OWASP_TOP_10/A7"] 
[tag "PCI/6.5.10"] 
[hostname "www.example.com"] 
[uri "/firepro/newfile.txt"] 

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents. This error breaks a Wordpress widget and renders it useless (it doesn't display any content, since the content is provided by the txt file overwritten every hour by PHP with the help of a cronjob).

What header is ModSecurity expecting? Why do I need to specify a User Agent header?

http-headers mod-security

http-headers mod-security

share|improve this question

asked 3 hours ago

Ian Bell

1235

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 3 hours ago

Ian Bell

1235

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

share|improve this question

asked 3 hours ago

Ian Bell

1235

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 3 hours ago

Ian Bell

1235

asked 3 hours ago

Ian Bell

1235

1235

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Ian Bell is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

add a comment | 

1 Answer
1

active

oldest

votes

up vote
2
down vote



accepted

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents.

It sounds like you are requesting newfile.txt over HTTP instead of making a direct request on the filesystem. If you use the HTTP protocol then PHP makes an entirely separate HTTP request, using the user_agent value in php.ini - which is NULL by default. (You can set this in your script with a call like ini_set('user_agent','my-user-agent')).

However, if this file is on your local filesystem then you should be making a local filesystem call instead, using an absolute filesystem path. For example:

file_get_contents($_SERVER['DOCUMENT_ROOT'].'/path/to/newfile.txt');

share|improve this answer

answered 1 hour ago

MrWhite

29.1k33362

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You're right, thanks!
  – Ian Bell
  1 hour ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "45"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

Ian Bell is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwebmasters.stackexchange.com%2fquestions%2f117765%2frequest-missing-a-user-agent-header%23new-answer', 'question_page');

);

Post as a guest

Name Email

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote



accepted

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents.

It sounds like you are requesting newfile.txt over HTTP instead of making a direct request on the filesystem. If you use the HTTP protocol then PHP makes an entirely separate HTTP request, using the user_agent value in php.ini - which is NULL by default. (You can set this in your script with a call like ini_set('user_agent','my-user-agent')).

However, if this file is on your local filesystem then you should be making a local filesystem call instead, using an absolute filesystem path. For example:

file_get_contents($_SERVER['DOCUMENT_ROOT'].'/path/to/newfile.txt');

share|improve this answer

answered 1 hour ago

MrWhite

29.1k33362

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You're right, thanks!
  – Ian Bell
  1 hour ago
  

  
  
  
  

add a comment | 

up vote
2
down vote



accepted

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents.

It sounds like you are requesting newfile.txt over HTTP instead of making a direct request on the filesystem. If you use the HTTP protocol then PHP makes an entirely separate HTTP request, using the user_agent value in php.ini - which is NULL by default. (You can set this in your script with a call like ini_set('user_agent','my-user-agent')).

However, if this file is on your local filesystem then you should be making a local filesystem call instead, using an absolute filesystem path. For example:

file_get_contents($_SERVER['DOCUMENT_ROOT'].'/path/to/newfile.txt');

share|improve this answer

answered 1 hour ago

MrWhite

29.1k33362

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You're right, thanks!
  – Ian Bell
  1 hour ago
  

  
  
  
  

add a comment | 

up vote
2
down vote



accepted

up vote
2
down vote



accepted

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents.

It sounds like you are requesting newfile.txt over HTTP instead of making a direct request on the filesystem. If you use the HTTP protocol then PHP makes an entirely separate HTTP request, using the user_agent value in php.ini - which is NULL by default. (You can set this in your script with a call like ini_set('user_agent','my-user-agent')).

However, if this file is on your local filesystem then you should be making a local filesystem call instead, using an absolute filesystem path. For example:

file_get_contents($_SERVER['DOCUMENT_ROOT'].'/path/to/newfile.txt');

share|improve this answer

answered 1 hour ago

MrWhite

29.1k33362

I verified this happens when my PHP code simply tries to read and echo the contents of newfile.txt using file_get_contents.

It sounds like you are requesting newfile.txt over HTTP instead of making a direct request on the filesystem. If you use the HTTP protocol then PHP makes an entirely separate HTTP request, using the user_agent value in php.ini - which is NULL by default. (You can set this in your script with a call like ini_set('user_agent','my-user-agent')).

However, if this file is on your local filesystem then you should be making a local filesystem call instead, using an absolute filesystem path. For example:

file_get_contents($_SERVER['DOCUMENT_ROOT'].'/path/to/newfile.txt');

share|improve this answer

answered 1 hour ago

MrWhite

29.1k33362

share|improve this answer

share|improve this answer

answered 1 hour ago

MrWhite

29.1k33362

answered 1 hour ago

MrWhite

29.1k33362

answered 1 hour ago

MrWhite

29.1k33362

29.1k33362

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You're right, thanks!
  – Ian Bell
  1 hour ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You're right, thanks!
  – Ian Bell
  1 hour ago
  

  
  
  
  

1

1

You're right, thanks!
– Ian Bell
1 hour ago

You're right, thanks!
– Ian Bell
1 hour ago

add a comment | 

Ian Bell is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Ian Bell is a new contributor. Be nice, and check out our Code of Conduct.

Ian Bell is a new contributor. Be nice, and check out our Code of Conduct.

Ian Bell is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwebmasters.stackexchange.com%2fquestions%2f117765%2frequest-missing-a-user-agent-header%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email