Getting these constantly in modsec logs - as you will see it is a Google IP:
While I do have CSF installed I have turned off the banning/blocking for modsec triggers, however, it still concerns me that this is being triggered and especially since it is Google.
501 usually has to do with ssl which at the moment I have no ssl certs on my server - I did, however, at one time.
Any ideas? Is this Google just trying to crawl the old site which had an ssl cert, and if so, why would that be triggering modsec rather than just a regular error with no problems?
Since Google can't be banned as I turned that off in the firewall it still gets 'blocked' by modsec and that is what I would like to correct if possible.
Or another possibility I thought was someone is spoofing their IP address somehow. Either way any help would be appreciated.
Code:
2013-05-13 13:56:38 66.249.73.204 Access denied with code 501 (phase 2). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "38"] [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"]501 usually has to do with ssl which at the moment I have no ssl certs on my server - I did, however, at one time.
Any ideas? Is this Google just trying to crawl the old site which had an ssl cert, and if so, why would that be triggering modsec rather than just a regular error with no problems?
Since Google can't be banned as I turned that off in the firewall it still gets 'blocked' by modsec and that is what I would like to correct if possible.
Or another possibility I thought was someone is spoofing their IP address somehow. Either way any help would be appreciated.
