On Mon Sep 16 14:19:54 2013, Robert Middleton wrote:
> [Mon Sep 16 16:08:17 2013] [error] [client <ipaddr>] ModSecurity: Access
> denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS.
> [file "/opt/mod_security/10_asl_rules.conf"] [line "64"] [id "390616"] [rev
> "2"] [msg "POST request must have a Content-Length header"] [severity
> "WARNING"] [hostname <hostname>] [uri "/svn/!svn/me"] [unique_id <id>]
This looks like your mod_security configuration doesn't know about
chunked encoding for requests. 1.8.x now prefers to use chunked
encoding in requests. I'm not sure what you need to change to
configure mod_security to allow chunked requests but that's what you'll
probably want to do.
1.8.1 also added an option to change this behavior on the client side
if changing the above isn't an option. Setting the
http-chunked-requests setting to no should disable chunked requests and
restore the behavior that pre-1.8.x clients had with their requests.
However, I would recommend that you fix the server since there are
advantages to using chunked requests (e.g. we don't have to buffer
requests to calculate the size before starting to send the request).
This section in our Release Notes should be helpful to you:
http://subversion.apache.org/docs/release-notes/1.8.html#411-length-required
Received on 2013-09-17 02:37:56 CEST