mod security and google - still can't figure this one out

morrow95

Well-Known Member
Oct 8, 2006
146
6
168
Getting these constantly in modsec logs - as you will see it is a Google IP:

Code:
2013-05-13 13:56:38 66.249.73.204   Access denied with code 501 (phase 2). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "38"] [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"]
While I do have CSF installed I have turned off the banning/blocking for modsec triggers, however, it still concerns me that this is being triggered and especially since it is Google.

501 usually has to do with ssl which at the moment I have no ssl certs on my server - I did, however, at one time.

Any ideas? Is this Google just trying to crawl the old site which had an ssl cert, and if so, why would that be triggering modsec rather than just a regular error with no problems?

Since Google can't be banned as I turned that off in the firewall it still gets 'blocked' by modsec and that is what I would like to correct if possible.

Or another possibility I thought was someone is spoofing their IP address somehow. Either way any help would be appreciated.
 

morrow95

Well-Known Member
Oct 8, 2006
146
6
168
Yes, Google is trying to crawl the old site.
Thanks for the response... would you just suggest leaving as is or is there another type of solution? I would think since there is no ssl to connect to it would throw a regular 501 error instead of how it is handled currently. The site is still on the server, but only with a simple 'coming soon' index and has been so for quite some time. I'm thinking Google keeps crawling because it is not returning the proper error.