Saturday, August 2, 2008

Firefox 3 Content-Type Header Conflict with mod_security

I installed an AJAX chat/shoutbox application on a web server and was wondering why it wasn't working under Firefox 3. Using the excellent Mozilla Firefox addon Firebug, I noticed that the POST request to the target PHP script was getting a 403 Forbidden error. I have mod_security installed on the server, so I took a look at the audit_log and noticed the following (excerpt) for the particular request that was being denied:

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" at HEADER("Content-Type") [severity "EMERGENCY"]

Firefox 3 appends a charset parameter to the Content-Type header on its XMLHttpRequest POSTs. The rule's regex anchors the urlencoded alternative with "$", so the extra "; charset=UTF-8" makes the whole pattern fail to match, and because the rule is negated with "!" a non-match is what triggers the 403. In summary:

Firefox 2/Internet Explorer sends: "application/x-www-form-urlencoded"
Firefox 3 sends: "application/x-www-form-urlencoded; charset=UTF-8"

So I changed the following in mod_security.conf:

SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"

to:

SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded*|^multipart/form-data)"

And it worked. One caveat: the trailing "*" only quantifies the final "d", so the real effect of the change is dropping the "$" anchor. The rule now accepts any Content-Type that merely begins with "application/x-www-form-urlencode", not just the Firefox 3 form; a stricter fix keeps the anchor and explicitly allows an optional charset parameter. But now I'm having an oddball caching issue with Firefox 3 where it doesn't want to refresh the AJAX chat application right after a new message has been posted....
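To see exactly which header values each version of the rule blocks, here is an added example (not from the original post or from the mod_security project) that replays the two SecFilterSelective patterns above, plus a tightened alternative of my own, against a handful of constructed Content-Type values. The "!" prefix is mod_security's negation operator, not regex syntax, so the helper strips it and inverts the match the way the filter does. The TIGHT_RULE pattern and the sample values are assumptions for illustration.

```python
import re

# Patterns from the post. The leading "!" means "deny when the regex does NOT match".
ORIGINAL_RULE = r"!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
RELAXED_RULE = r"!(^$|^application/x-www-form-urlencoded*|^multipart/form-data)"

# Assumed tightened alternative (not from the post): keep the "$" anchor but allow an
# optional "; charset=..." parameter, so junk appended to the media type is still denied.
TIGHT_RULE = (
    r"!(^$|^application/x-www-form-urlencoded(\s*;\s*charset=[-\w]+)?$"
    r"|^multipart/form-data)"
)

# Constructed sample header values, keyed by a short label.
SAMPLES = {
    "firefox2": "application/x-www-form-urlencoded",
    "firefox3": "application/x-www-form-urlencoded; charset=UTF-8",
    "multipart": "multipart/form-data; boundary=----WebKitFormBoundaryABC",
    "empty": "",
    "bogus_suffix": "application/x-www-form-urlencodedXYZ",
    "json": "application/json",
}


def rule_denies(rule, content_type):
    """Return True if a SecFilterSelective rule with this pattern would fire (403)."""
    negate = rule.startswith("!")
    pattern = rule[1:] if negate else rule
    matched = re.search(pattern, content_type) is not None
    return (not matched) if negate else matched


def evaluate(rule):
    """Map each sample label to whether the given rule denies that Content-Type."""
    return {label: rule_denies(rule, value) for label, value in SAMPLES.items()}


if __name__ == "__main__":
    rules = [("original", ORIGINAL_RULE), ("relaxed", RELAXED_RULE), ("tight", TIGHT_RULE)]
    print(f"{'sample':<14}" + "".join(f"{name:>10}" for name, _ in rules))
    for label in SAMPLES:
        row = "".join(
            f"{'DENY' if rule_denies(rule, SAMPLES[label]) else 'allow':>10}"
            for _, rule in rules
        )
        print(f"{label:<14}{row}")
```

Running it shows the original pattern denying the Firefox 3 value while passing Firefox 2, the relaxed pattern passing both but also passing the bogus "urlencodedXYZ" value (because the unanchored prefix matches), and the tightened pattern passing only the well-formed values while still denying the bogus suffix and application/json.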