Re: Changing WWW::Mechanize Request to obey ModSecurity rules

Replies are listed 'Best First'.
Re^2: Changing WWW::Mechanize Request to obey ModSecurity rules by Anonymous Monk on Feb 26, 2009 at 05:38 UTC
Try package MyMechanize; use base 'WWW::Mechanize'; sub _make_request { my $self = shift; my $request = shift; $request->protocol('HTTP/1.1'); # modify $self->SUPER::_make_request($request, @_); } package main; my $ua = MyMechanize->new; $ua->add_handler("request_send", sub { print "request_send\n";shift-> +dump; return }); $ua->add_handler("response_done", sub { print "response_done\n";shift- +>dump; return }); my $uri = URI->new("https://www.modsecurity.org/"); $ua->get( $uri, 'host' => $uri->host, 'Accept' => 'text/html,application/xhtml+xml,application/xml', ); __END__ request_send GET https://www.modsecurity.org/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml Accept-Encoding: gzip Host: www.modsecurity.org User-Agent: WWW-Mechanize/1.54 (no content) response_done HTTP/1.1 200 OK Connection: close Date: Thu, 26 Feb 2009 05:37:00 GMT Accept-Ranges: bytes Server: Apache........ ....... ..... [download]	[reply] [d/l]
Re^2: Changing WWW::Mechanize Request to obey ModSecurity rules by pdc (Initiate) on Feb 26, 2009 at 14:10 UTC
Thank you anonymous monk! Upgrading to 1.54 (along with adding the Accept header) gets me at least one step farther on this chain. For the record: I determined what ModSecurity would and would not reject by looking at the request Firefox sends (with the `Live HTTP headers` plugin) and pasting in combinations of lines to an `openssl s_client` session and figuring out which lines/features were necessary to get a 302 redirect instead of a 400 bad request.	[reply]