Invalid Content-Type header

By azurit 22 days ago
Completed

Hi,


your browser is sending invalid Content-Type header (image/*) which is why it's getting blocked on every server running modsecurity. Please fix it, thank you.

Comments (9)

photo
1

Hi there,

Thanks for your feedback. Can we see a screenshot of this error message?

photo
1

What error message do you mean?

photo
1

You mentioned the browser is sending invalid content type header image, can we see a screenshot of that?

photo
1

The value in the braces IS the value of Content-Type header your browser is sending (and Content-Type of value 'image/*' is really invalid, please see HTTP protocol RFCs).

photo
1

Can we get an address of any modsecurity server for testing or it’s your local-private?

photo
1

Hm, I'm trying to reproduce it by myself but i'm failing. Until now, i just saw our customers (there were multiple of them) getting blocked because of invalid Content-Type and i thought they are using Aloha browser because of this User-Agent:

Aloha/17 CFNetwork/978.0.7 Darwin/18.7.0

Is this what your browser is using as an User-Agent?

photo
1

We reproduced the bug and fix it in upcoming releases!

photo
1

Cool :) Thank you.

photo
1

You are most welcome 👍