Double charset-header

[leonelr]

Hi there,
I have appended the same comments below on the following issue "ModSecurity 2.7.5 for Nginx 1.4.2 duplicate charset headers".

In response, I was told that there was an update on the way the header is set and that it was fixed under the development tree.

I have updated my MODSEC with the Branch Master code and I still see the same issue.

Please see below my original comments .... any help would be much appreciated.

---

Is there a way to prevent MODSEC from adding the second charset-header at all (assuming this is expected behaviour)?

I am running version 2.7.7 on NGINX version 1.4.4 (Ubuntu 12.04 LTS) and I can not find a way to toggle this on / off .... not even sure if this is even possible (sorry.. I am pretty new to modsec).

At the moment I have an issue where with modsecurity enabled we appear to be seeing duplicate charset attributes... for example, Content-Type: text/xml; Charset=UTF-8; charset=UTF-8;.... browsers will ignore the duplicate "Charset=UTF-8; charset=UTF-8"; but this is breaking one of my applications (we think that possibly MSXML is choking on it (when it retrieves such content using a document() call)).. just doesn't like that double charset.... the page throws the following error: "....System does not support the specified encoding......"

Thanks.

[zimmerle]

Hi @leonerl,

Thanks for the bug report. The bug is confirmed. I was able to reproduce with the following configuration:

server {
        listen 8088;
        server_name localhost;
        error_log  logs/error_server_8088.log debug;

        ModSecurityEnabled on;
        ModSecurityConfig /etc/modsecurity/modsecurity.conf;

        location / {
                proxy_pass  http://www.google.com;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                proxy_redirect off;
                proxy_buffering off;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

Using curl, that is what i got:

(zimmerle@zlinux)-(/usr/local/nginx/sbin)$ curl --head http://localhost:8088
HTTP/1.1 302 Found
Server: nginx/1.4.4
Date: Thu, 23 Jan 2014 01:24:33 GMT
Content-Type: text/html; charset=UTF-8; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: http://www.google.com/
Cache-Control: private

There is no configuration directive to suppress the Charset.

Here is the slice of the code where the charset is placed:
https://github.com/SpiderLabs/ModSecurity/blob/master/nginx/modsecurity/ngx_http_modsecurity.c#L617-L620

The bug is also reproducible with nginx-1.4.3.

[zimmerle]

Hi @leonerl, can you test the branch: issue_650, it can be found at: https://github.com/SpiderLabs/ModSecurity/tree/issue_650

[leonelr]

Thanks Felipe .. I will try it out today ... sorry about the late response, it was a long weekend here in AUS.
Will keep you updated.

Cheers,

On 24/01/2014, at 12:20 AM, Felipe Zimmerle wrote:

Hi @leonerl, can you test the branch: issue_650, it can be found at: https://github.com/SpiderLabs/ModSecurity/tree/issue_650

?
Reply to this email directly or view it on GitHub.

Leonel Retamar
C o n s t r u n e t . c o m . a u
We bring a different future to life
P.O.BOX 1933 NSW 2059
Sydney - Australia
m.: +61 413 770 222
e.: leonel.retamar@construnet.com.au
w.: http://www.construnet.com.au

[leonelr]

IT WORKS!
Great jobs... much appreciated.

Regards,

On 24/01/2014, at 12:20 AM, Felipe Zimmerle wrote:

Hi @leonerl, can you test the branch: issue_650, it can be found at: https://github.com/SpiderLabs/ModSecurity/tree/issue_650

?
Reply to this email directly or view it on GitHub.

Leonel Retamar
C o n s t r u n e t . c o m . a u
We bring a different future to life
P.O.BOX 1933 NSW 2059
Sydney - Australia
m.: +61 413 770 222
e.: leonel.retamar@construnet.com.au
w.: http://www.construnet.com.au