OWASP 958295, can anyone explain ?

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
Does anyone know what this Owasp rule is.
I'm seeing a number of these originating from the UK.
Considering that my customer base is 99% UK based, i'm worried that it may be a false positive.
However, i've no idea what it's telling me.

On the subject of OWASP, is there a definitive list of what each rule does, but in laymans terms.
Every Google search iv'e done for 958295 comes up with pages of gobbledygook.

A list that went along the lines:

XXXXXX: Protects against backdoor cyber attack

Code:
ModSecurity: Access denied with redirection to http://www.mydom.co.uk/ using status 302 (phase 2).
Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection.
[file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "203"] [id "958295"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, keep-alive"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "Host: www.mydom.co.uk"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.mydom.co.uk"] [uri "/"] [unique_id "VVTrYtWr3R8AAA1hI-YAAAAD"]
[\code]
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463