Description
Dear Dennus,
After using the latest modsecurity and modsecurity-nginx, we are still getting the error below (header already sent while sending response to client).
2018/03/22 13:38:33 [alert] 17057#0: *9 header already sent while sending response to client, client: 125.63.93.130, server: test-beta.xyz.com, request: "GET /test/ HTTP/1.1", upstream: "http://192.168.123.81:80/retailer/", host: "test-beta.xyz.com", referrer: "https://test-beta.xyz.com/test/
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-pcre-jit --with-debug --with-http_ssl_module --with-http_realip_module --add-module=/opt/ModSecurity-nginx/
git clone https://github.com/SpiderLabs/ModSecurity
https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.0.2.tar.gz
nginx file
location /test {
    modsecurity on;
    modsecurity_rules_file /etc/nginx/waf-load-config/main.conf;

    # Long-lived client caching for static assets
    if ($request_uri ~* \.(?:ico|css|js|gif|jpe?g|png|swf)$) {
        expires 30d;
    }

    # Proxy cache settings
    proxy_cache backcache;
    proxy_cache_revalidate on;
    proxy_cache_min_uses 2;
    proxy_ignore_headers X-Accel-Expires;
    proxy_ignore_headers Cache-Control;
    proxy_hide_header Server;

    # Response headers (add_header takes the header name without a colon)
    add_header X-Test-Cache $upstream_cache_status;
    add_header Access-Control-Allow-Origin https://dxjnuc5ep2kkjhnhbt.cloudfront.net;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";

    # Headers passed to the upstream
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_pass_request_headers on;
    proxy_pass http://test;
}
A quick response would be really appreciated.
Thanks