mod security turned on, but having some issues

--0016e6dab18ea1ac42047764799a
Content-Type: text/plain; charset=ISO-8859-1

Hi all,
The web application which I am currently supporting incorporates reports
generating functionality using Java Reporting Component which worked fine on
WebSphere App server and also Apache 2.2 before turning on the mod security
configuration. The app used to generate reports in a PDF format on both IE
and Firefox browsers pretty well. Now that the mod security config is turned
on, reports could not be generated properly on any browser. I have these
issues:
On IE: I get the File Download dialog with the warning "The file you are
downloading cannot be opened by the default program. It is either corrupted
or has an incorrect file type." Instead, the report should open Adobe Report
automatically.

On Firefox: All weird characters show up on the browser - looks like
encoding issue.

When I tested the above issue directly on the App server, there is no
problem which led me to suspect that Apache 2.2 configuration is the CAUSE
for this ISSUE.

Please help ASAP!!!

Thanks!

--0016e6dab18ea1ac42047764799a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi all,
The web application which I am currently supporting incorporates=
reports generating functionality using Java Reporting Component which work=
ed fine on WebSphere App server and also Apache 2.2 before turning on the m=
od security configuration. The app used to generate reports in a PDF format=
on both IE and Firefox browsers pretty well. Now that the mod security con=
fig is turned on, reports could not be generated properly on any browser. I=
have these issues:

On IE: I get the File Download dialog with the warning "The file you a=
re downloading cannot be opened by the default program. It is either corrup=
ted or has an incorrect file type." Instead, the report should open Ad=
obe Report automatically.


On Firefox: All weird characters show up on the browser - looks like en=
coding issue.

When I tested the above issue directly on the App serv=
er, there is no problem which led me to suspect that Apache 2.2 configurati=
on is the CAUSE for this ISSUE.


Please help ASAP!!!

Thanks!


--0016e6dab18ea1ac42047764799a--

Re: mod security turned on, but having some issues

b k wrote:
> Hi all,
> The web application which I am currently supporting incorporates reports
> generating functionality using Java Reporting Component which worked fine on
> WebSphere App server and also Apache 2.2 before turning on the mod security
> configuration. The app used to generate reports in a PDF format on both IE
> and Firefox browsers pretty well. Now that the mod security config is turned
> on, reports could not be generated properly on any browser. I have these
> issues:
> On IE: I get the File Download dialog with the warning "The file you are
> downloading cannot be opened by the default program. It is either corrupted
> or has an incorrect file type." Instead, the report should open Adobe Report
> automatically.
>
> On Firefox: All weird characters show up on the browser - looks like
> encoding issue.
>
> When I tested the above issue directly on the App server, there is no
> problem which led me to suspect that Apache 2.2 configuration is the CAUSE
> for this ISSUE.
>
> Please help ASAP!!!
>
ASAP is never a good word to use on a forum where contributors donate
their time to help. Specially not in UPPERCASE.

Maybe you should start by getting the following add-ons to your
browsers, and then carefully examine the HTTP headers which they are
receiving along with the problematic documents :
For IE : Fiddler2
For Firefox : HTTPFox of LiveHttpHeaders

If possible, compare these received headers with the ones you were
receiving before.
That will really allow someone here to help you efficiently.

The headers to focus on are probably

Content-type
Content-disposition



------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod security turned on, but having some issues

--0016e6d784ec1558a504776a5f3d
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thanks for the immediate reply Andre!! I just installed HTTPFox and ran the
test again. You were right.
Content-Type on the working server is application/pdf
Content-Type on the non-working server is text/html

May I know why this is happening?

On Mon, Nov 2, 2009 at 9:59 AM, Andr=E9 Warnier wrote:

> b k wrote:
>
>> Hi all,
>> The web application which I am currently supporting incorporates reports
>> generating functionality using Java Reporting Component which worked fin=
e
>> on
>> WebSphere App server and also Apache 2.2 before turning on the mod
>> security
>> configuration. The app used to generate reports in a PDF format on both =
IE
>> and Firefox browsers pretty well. Now that the mod security config is
>> turned
>> on, reports could not be generated properly on any browser. I have these
>> issues:
>> On IE: I get the File Download dialog with the warning "The file you are
>> downloading cannot be opened by the default program. It is either
>> corrupted
>> or has an incorrect file type." Instead, the report should open Adobe
>> Report
>> automatically.
>>
>> On Firefox: All weird characters show up on the browser - looks like
>> encoding issue.
>>
>> When I tested the above issue directly on the App server, there is no
>> problem which led me to suspect that Apache 2.2 configuration is the CAU=
SE
>> for this ISSUE.
>>
>> Please help ASAP!!!
>>
>> ASAP is never a good word to use on a forum where contributors donate
> their time to help. Specially not in UPPERCASE.
>
> Maybe you should start by getting the following add-ons to your browsers,
> and then carefully examine the HTTP headers which they are receiving alon=
g
> with the problematic documents :
> For IE : Fiddler2
> For Firefox : HTTPFox of LiveHttpHeaders
>
> If possible, compare these received headers with the ones you were
> receiving before.
> That will really allow someone here to help you efficiently.
>
> The headers to focus on are probably
>
> Content-type
> Content-disposition
>
>
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project=
..
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--0016e6d784ec1558a504776a5f3d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thanks for the immediate reply Andre!! I just installed HTTPFox and ran the=
test again. You were right.
Content-Type on the working server is appl=
ication/pdf
Content-Type on the non-working server is text/html


May I know why this is happening?

Re: mod security turned on, but having some issues

b k wrote:
> Thanks for the immediate reply Andre!! I just installed HTTPFox and ran the
> test again. You were right.
> Content-Type on the working server is application/pdf
> Content-Type on the non-working server is text/html
>
> May I know why this is happening?

Unfortunately, about that I don't have a clue.
But now, with the above information, maybe someone else more familiar
with mod_security will be able to help you.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org