Comments on: Google Checkout, 501 Error with Mod Security + Solution http://www.edmondscommerce.co.uk/security/google-checkout-501-error-with-mod-security-solution/ Freelance PHP Ecommerce and SEO Developer in the UK Sat, 11 Feb 2012 03:49:53 +0000 hourly 1 http://wordpress.org/?v=3.1.3 By: admin http://www.edmondscommerce.co.uk/security/google-checkout-501-error-with-mod-security-solution/comment-page-1/#comment-3053 admin Tue, 11 Jan 2011 16:24:14 +0000 http://www.edmondscommerce.co.uk/blog/?p=271#comment-3053 Hi Ryan thanks for the feedback not sure for this client now tbh, its a while since I did this post. glad your comment is here for future reference though! Hi Ryan

thanks for the feedback

not sure for this client now tbh, its a while since I did this post.

glad your comment is here for future reference though!

]]> By: Ryan Barnett http://www.edmondscommerce.co.uk/security/google-checkout-501-error-with-mod-security-solution/comment-page-1/#comment-3052 Ryan Barnett Tue, 11 Jan 2011 15:34:02 +0000 http://www.edmondscommerce.co.uk/blog/?p=271#comment-3052 What version of CRS are you using? You should be able to go into the modsecurity_crs_10_config.conf file and update the HTTP Policy variables. There is a setvar line that lets you customize your local, allowed Content-Type values - setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded multipart/form-data text/xml application/xml application/x-amf', These values are used in macro expansion by the detection rules in the 30 file. Just add the legit Content-Type request header value for the googlecheckout API. What version of CRS are you using? You should be able to go into the modsecurity_crs_10_config.conf file and update the HTTP Policy variables. There is a setvar line that lets you customize your local, allowed Content-Type values -

setvar:’tx.allowed_request_content_type=application/x-www-form-urlencoded multipart/form-data text/xml application/xml application/x-amf’,

These values are used in macro expansion by the detection rules in the 30 file. Just add the legit Content-Type request header value for the googlecheckout API.

]]> By: admin http://www.edmondscommerce.co.uk/security/google-checkout-501-error-with-mod-security-solution/comment-page-1/#comment-1076 admin Thu, 26 Mar 2009 13:21:19 +0000 http://www.edmondscommerce.co.uk/blog/?p=271#comment-1076 this is a much better solution as it only disabled the rule at the point we need to disable it, but will keep the rule active everywhere else.. cheers Victor :) this is a much better solution as it only disabled the rule at the point we need to disable it, but will keep the rule active everywhere else..

cheers Victor :)

]]> By: Victor Julien http://www.edmondscommerce.co.uk/security/google-checkout-501-error-with-mod-security-solution/comment-page-1/#comment-1074 Victor Julien Thu, 26 Mar 2009 12:58:55 +0000 http://www.edmondscommerce.co.uk/blog/?p=271#comment-1074 You can also disable a rule for a specific location like this: [code] <LocationMatch "/googlecheckout/api"> SecRuleRemoveById 960010 </LocationMatch> [/code] The nice thing about it is that you can put this in a separate file (disabled.conf for example) so you don't have to redo the change to the rules file every time you update it... You can also disable a rule for a specific location like this:

PLAIN TEXT
CODE:
  1. <LocationMatch "/googlecheckout/api">
  2.     SecRuleRemoveById 960010
  3. </LocationMatch>

The nice thing about it is that you can put this in a separate file (disabled.conf for example) so you don't have to redo the change to the rules file every time you update it...

]]>