Hello wise monks!
I'm writing a script to do some monitoring of a webapp, which involves following a bunch of redirects around. One of these redirect steps is behind ModSecurity on apache, and is rejecting my normal requests from $mechanize->get(...). I've managed to get it to work with firefox and openssl s_client, but I'm not sure how to make Mechanize send the request in a format that ModSecurity will accept.
Mechanize wants to send something like this:
GET https://host1.example.com/application-web/function?param1=abc¶ +m2=def Accept-Encoding: gzip User-Agent: WWW-Mechanize/1.34
ModSecurity will only accept something like this:
GET /application-web/function?param1=abc¶m2=def HTTP/1.1 Host: host1.example.com User-Agent: WWW-Mechanize/1.34 Accept: text/html,application/xhtml+xml,application/xml Accept-Encoding: gzip
Notice that ModSecurity wants the Host identifier on a separate line from the get, which is the first issue I'm having trouble with.
It also requires an HTTP version specification on the GET line.
(It also needs an Accept: line, but I believe that can be addressed once the other issues are).
I've looked at the documentation for HTTP::Request but I'm still not sure if there's a way to do this. I'm ok using lower-level stuff like LWP and HTTP::Request, but I need to share a cookie jar with the other requests in my redirect chain (or rewrite all those to use a different module which can handle my specific need and works with cookies). Changing the ModSecurity policies is not an option at this time.
Thanks in advance.
In reply to Changing WWW::Mechanize Request to obey ModSecurity rules by pdc
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |