[users@httpd] mod security turned on, but having some issues

[b k <bk...@gmail.com>]

Hi all,
The web application which I am currently supporting incorporates reports
generating functionality using Java Reporting Component which worked fine on
WebSphere App server and also Apache 2.2 before turning on the mod security
configuration. The app used to generate reports in a PDF format on both IE
and Firefox browsers pretty well. Now that the mod security config is turned
on, reports could not be generated properly on any browser. I have these
issues:
On IE: I get the File Download dialog with the warning "The file you are
downloading cannot be opened by the default program. It is either corrupted
or has an incorrect file type." Instead, the report should open Adobe Report
automatically.

On Firefox: All weird characters show up on the browser - looks like
encoding issue.

When I tested the above issue directly on the App server, there is no
problem which led me to suspect that Apache 2.2 configuration is the CAUSE
for this ISSUE.

Please help ASAP!!!

Thanks!

Re: [users@httpd] mod security turned on, but having some issues

[André Warnier <aw...@ice-sa.com>]

b k wrote:
> Thanks for the immediate reply Andre!! I just installed HTTPFox and ran the
> test again. You were right.
> Content-Type on the working server is application/pdf
> Content-Type on the non-working server is text/html
> 
> May I know why this is happening?

Unfortunately, about that I don't have a clue.
But now, with the above information, maybe someone else more familiar 
with mod_security will be able to help you.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod security turned on, but having some issues

[b k <bk...@gmail.com>]

Thanks for the immediate reply Andre!! I just installed HTTPFox and ran the
test again. You were right.
Content-Type on the working server is application/pdf
Content-Type on the non-working server is text/html

May I know why this is happening?

On Mon, Nov 2, 2009 at 9:59 AM, André Warnier <aw...@ice-sa.com> wrote:

> b k wrote:
>
>> Hi all,
>> The web application which I am currently supporting incorporates reports
>> generating functionality using Java Reporting Component which worked fine
>> on
>> WebSphere App server and also Apache 2.2 before turning on the mod
>> security
>> configuration. The app used to generate reports in a PDF format on both IE
>> and Firefox browsers pretty well. Now that the mod security config is
>> turned
>> on, reports could not be generated properly on any browser. I have these
>> issues:
>> On IE: I get the File Download dialog with the warning "The file you are
>> downloading cannot be opened by the default program. It is either
>> corrupted
>> or has an incorrect file type." Instead, the report should open Adobe
>> Report
>> automatically.
>>
>> On Firefox: All weird characters show up on the browser - looks like
>> encoding issue.
>>
>> When I tested the above issue directly on the App server, there is no
>> problem which led me to suspect that Apache 2.2 configuration is the CAUSE
>> for this ISSUE.
>>
>> Please help ASAP!!!
>>
>>  ASAP is never a good word to use on a forum where contributors donate
> their time to help. Specially not in UPPERCASE.
>
> Maybe you should start by getting the following add-ons to your browsers,
> and then carefully examine the HTTP headers which they are receiving along
> with the problematic documents :
> For IE : Fiddler2
> For Firefox : HTTPFox of LiveHttpHeaders
>
> If possible, compare these received headers with the ones you were
> receiving before.
> That will really allow someone here to help you efficiently.
>
> The headers to focus on are probably
>
> Content-type
> Content-disposition
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Re: [users@httpd] mod security turned on, but having some issues

[André Warnier <aw...@ice-sa.com>]

b k wrote:
> Hi all,
> The web application which I am currently supporting incorporates reports
> generating functionality using Java Reporting Component which worked fine on
> WebSphere App server and also Apache 2.2 before turning on the mod security
> configuration. The app used to generate reports in a PDF format on both IE
> and Firefox browsers pretty well. Now that the mod security config is turned
> on, reports could not be generated properly on any browser. I have these
> issues:
> On IE: I get the File Download dialog with the warning "The file you are
> downloading cannot be opened by the default program. It is either corrupted
> or has an incorrect file type." Instead, the report should open Adobe Report
> automatically.
> 
> On Firefox: All weird characters show up on the browser - looks like
> encoding issue.
> 
> When I tested the above issue directly on the App server, there is no
> problem which led me to suspect that Apache 2.2 configuration is the CAUSE
> for this ISSUE.
> 
> Please help ASAP!!!
> 
ASAP is never a good word to use on a forum where contributors donate 
their time to help. Specially not in UPPERCASE.

Maybe you should start by getting the following add-ons to your 
browsers, and then carefully examine the HTTP headers which they are 
receiving along with the problematic documents :
For IE : Fiddler2
For Firefox : HTTPFox of LiveHttpHeaders

If possible, compare these received headers with the ones you were 
receiving before.
That will really allow someone here to help you efficiently.

The headers to focus on are probably

Content-type
Content-disposition



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org