[cmake-developers] [CMake 0015774]: CTest result submission over http fails to set Content-Type header which runs afoul of ModSecurity rules
Mantis Bug Tracker
mantis at public.kitware.com
Wed Oct 7 17:49:45 EDT 2015
The following issue has been SUBMITTED.
======================================================================
https://cmake.org/Bug/view.php?id=15774
======================================================================
Reported By: Derek Bruening
Assigned To:
======================================================================
Project: CMake
Issue ID: 15774
Category: CTest
Reproducibility: always
Severity: block
Priority: low
Status: new
======================================================================
Date Submitted: 2015-10-07 17:49 EDT
Last Modified: 2015-10-07 17:49 EDT
======================================================================
Summary: CTest result submission over http fails to set
Content-Type header which runs afoul of ModSecurity rules
Description:
On some web hosting providers, ModSecurity rules are in place that prevent using
CTest with a CDash installation on that provider. The particular rule looks
like this (pieces removed for anonymity):
ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^0$" against
"REQUEST_HEADERS:Content-Length" required. [msg "Request Containing Content, but
Missing Content-Type header"] [uri "/CDash/submit.php"]
CTest runs show this error:
Submit files (using http)
Using HTTP submit method
Drop site:http://<mysite>/CDash/submit.php?project=<myproject>
Error when uploading file: <mypath>/Testing/20151005-0900/Build.xml
Error message was: The requested URL returned error: 406 Not Acceptable
Problems when submitting via HTTP
The same 406 error is seen using curl -T:
# curl -T <mypath>/Testing/20151007-0900/Build.xml
http://<mysite>/CDash/submit.php?project=<myproject>
<head><title>Not Acceptable!</title></head><body><h1>Not Acceptable!</h1><p>An
appropriate representation of the requested resource could not be found on this
server. This error was generated by Mod_Security.</p></body></html>
These hosting providers do not allow any method of disabling particular rules or
ModSecurity in general.
While we can debate the merits of this rule, it is simple to work around by
providing a Content-Type header. E.g., curl -d works:
# curl -d @<mypath>/Testing/20151007-0900/Build.xml
http://<mysite>/CDash/submit.php?project=<myproject>
<cdash version="2.2.2">
<status>OK</status>
<message></message>
<md5>...</md5>
</cdash>
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2015-10-07 17:49 Derek Bruening New Issue
======================================================================
More information about the cmake-developers
mailing list