I run several SilverStripe sites on my server. Ever since I launched one of the sites, I've been receiving at least 2 e-mails every day saying mod_security has permanently blocked a user accessing this site because they tripped one of the mod_security rules.
The exact log entries are:
[Wed Mar 16 13:01:08 2011]
[error]
[client 194.176.105.47]
ModSecurity: Access denied with code 501 (phase 2).
Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required.
[file "/usr/local/apache/conf/modsec2.user.conf"]
[line "38"]
[id "960032"]
[msg "Method is not allowed by policy"]
[severity "CRITICAL"]
[tag "POLICY/METHOD_NOT_ALLOWED"]
[hostname "eusos.esicm.org"]
[uri "/assets"]
[unique_id "TYC0lG17QnoAAFBVOhIAAAAF"]
Usually it blocks them after 5 of these.
It appears to be saying that the user tried to use a method other than POST, GET, OPTIONS or HEAD.
The site receives roughly 100 visits a day, and I receive at least 2 or 3 emails per day with this error, all from different users, sometimes from users I know are definitely genuine.
So I suppose I'd like to know the following:
- What is causing the users to trip this rule? Is it SilverStripe?
- What can I do to stop legitimate users getting blocked?
- Is it safe to just disable this rule?
Any advice would be much appreciated.
Thanks
James
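An added example (not part of James's post, and not SilverStripe or ModSecurity code) showing two checks a practitioner would run before touching this rule: it applies the exact regex quoted in the log entry to candidate request methods to see which ones rule 960032 lets through, and it parses constructed ModSecurity 2.x error-log lines modelled on the one above to count hits per client against the "5 hits and then blocked" threshold the post describes. The client addresses, hostname and unique_id values in the sample are constructed (RFC 5737 documentation ranges), and the threshold of 5 is an assumption taken from the post rather than something read from the server's configuration.

```python
import re
from collections import Counter, defaultdict

# Regex copied verbatim from the rule quoted in the log entry (id 960032).
ALLOWED_METHOD_RX = re.compile(r"^((?:(?:POS|GE)T|OPTIONS|HEAD))$")

# Bracketed key/value fields of a ModSecurity 2.x error-log line, e.g. [id "960032"].
FIELD_RX = re.compile(r'\[(\w+) "([^"]*)"\]')
# The client field is not quoted, so it needs its own pattern.
CLIENT_RX = re.compile(r"\[client ([^\]]+)\]")


def method_allowed(method: str) -> bool:
    """True if REQUEST_METHOD would pass the rule's regex (case-sensitive, like the rule)."""
    return ALLOWED_METHOD_RX.match(method) is not None


def parse_modsec_line(line: str) -> dict:
    """Extract the bracketed fields (id, msg, uri, hostname, ...) plus the client address."""
    fields = dict(FIELD_RX.findall(line))
    m = CLIENT_RX.search(line)
    if m:
        fields["client"] = m.group(1)
    return fields


def summarize(lines, rule_id="960032", threshold=5):
    """Count hits of one rule per client and report clients at or over the block threshold."""
    hits = Counter()
    uris = defaultdict(set)
    for line in lines:
        f = parse_modsec_line(line)
        if f.get("id") != rule_id or "client" not in f:
            continue
        hits[f["client"]] += 1
        uris[f["client"]].add(f.get("uri", ""))
    blocked = sorted(c for c, n in hits.items() if n >= threshold)
    return hits, uris, blocked


def _modsec_line(client, uri, rule_id="960032", msg="Method is not allowed by policy"):
    # Constructed sample line modelled on the entry quoted in the post. The client
    # addresses are documentation ranges, not real visitors; the unique_id is a placeholder.
    return (
        f"[Wed Mar 16 13:01:08 2011] [error] [client {client}] "
        "ModSecurity: Access denied with code 501 (phase 2). "
        'Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. '
        '[file "/usr/local/apache/conf/modsec2.user.conf"] [line "38"] '
        f'[id "{rule_id}"] [msg "{msg}"] [severity "CRITICAL"] '
        '[tag "POLICY/METHOD_NOT_ALLOWED"] [hostname "example.com"] '
        f'[uri "{uri}"] [unique_id "constructed"]'
    )


# Constructed log: one client trips the rule five times on /assets, another once,
# plus one line from an unrelated (made-up) rule id that must be ignored.
SAMPLE_LOG = (
    [_modsec_line("192.0.2.10", "/assets") for _ in range(5)]
    + [_modsec_line("198.51.100.7", "/")]
    + [_modsec_line("198.51.100.7", "/", rule_id="000000", msg="Unrelated constructed rule")]
)


if __name__ == "__main__":
    for method in ("GET", "POST", "HEAD", "OPTIONS", "PUT", "DELETE", "PROPFIND", "TRACE", "get"):
        print(f"{method:9s} allowed={method_allowed(method)}")
    hits, uris, blocked = summarize(SAMPLE_LOG)
    for client, n in hits.most_common():
        print(f"{client:15s} hits={n} uris={sorted(uris[client])}")
    print("at/over threshold:", blocked)
```

The error-log line only records that REQUEST_METHOD failed the regex, not which method was sent, so the per-client counts above can tell you who is being caught and on which URI but not why. To see the actual request line, enable the ModSecurity audit log (SecAuditEngine with SecAuditLogParts including part B), which stores the request headers for each denied transaction; that is the place to look before deciding whether to relax or disable the rule.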