The Love Bug (thelovebug) wrote in php_dev,
The Love Bug
thelovebug
php_dev

400 Bad Request

This may not be a PHP issue, but I'm trying to cover all my options here.

I have written a photoblog site at http://eye.thelovebug.org/

As you can see, it works a treat through a browser, and also by using wget. However, if I try and validate the site, I get a 400 Bad Request error.

link to W3C validation of eye.thelovebug.org

The same problem occurs with my homemade RSS feed at http://eye.thelovebug.org/rss.php

Again, works great with a browser and wget, but doesn't validate or load in Google Reader (or other RSS aggregator), or LiveJournal. Same 400 error.

link to LiveJournal syndicated account profile
link to feedvalidator.org validation of eye.thelovebug.org/rss.php

Any ideas or suggestions?

Cheers,
Dave
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your IP address will be recorded 

  • 5 comments
command line curl doesn't work either.

GET "halkeye@quackduck:~$ GET "http://eye.thelovebug.org/"


Bad Request


Your browser sent a request that this server could not understand.



halkeye@quackduck:~$ HEAD "http://eye.thelovebug.org/"
400 Bad Request
Connection: close
Date: Wed, 09 Jan 2008 10:32:34 GMT
Server: Apache 2
Content-Type: text/html; charset=iso-8859-1
Client-Date: Wed, 09 Jan 2008 10:32:45 GMT
Client-Peer: 83.170.86.34:80
Client-Response-Num: 1

halkeye@quackduck:~$
Yeah, that's exactly what I get if I use GET through fsockopen()

Any ideas why this would be happening, and yet browser requests and wget work fine?
its way to late for me to think about this
again (for me) with stupid questions, but you've checked the error logs right?
Error log as follows:

[Wed Jan 09 07:03:06 2008] [error] [client www.xxx.yyy.zzz] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "eye.thelovebug.org"] [uri "/"] [unique_id "somestuff"]
[Wed Jan 09 07:04:07 2008] [error] [client www.xxx.yyy.zzz] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "eye.thelovebug.org"] [uri "/rss.php"] [unique_id "someotherstuff"]


I kinda understand what it's saying, but I don't know why it's happening.
I think thats pretty straight forward.

mod_security is being paranoid.
Accept is not a required header. Browsers send it , wget apparently does, but curl doesn't by default.

You should find out what you gain by having that rule turned on.

its way outside the stuff i know.