Since October 1st I have been receiving a ton of log messages (and people being blocked) about rule 390616:
Quote:
Message: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "61"] [id "390616"] [rev "2"] [msg "Atomicorp.com WAF Rules: POST request must have a Content-Length header"] [severity "WARNING"] Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS.
This seems to be triggered by my AJAX poller that, depending on whether there is new data or not, sends back a 304 code (not modified) or the standard response if there is changed data.
What is this rule for exactly? I had to globally disable this rule to stop people from being banned.