Hi,
find below the sample.
cheers,
Andy
---6uIk3EEg---A--
[27/Aug/2019:15:35:57 +0200] 7fc42219c6c4d351842309e9d537dc9c 13.93.46.20 34698 13.93.46.20 443
---6uIk3EEg---B--
POST /services/collector/event HTTP/1.1
Host:
Authorization: Splunk 75B1123F-D42B-47A8-8146-F24704BE9C70
Accept-Encoding: gzip, deflate
Connection: keep-alive
Accept: /
Content-Length: 382
User-Agent: python-requests/2.9.1
---6uIk3EEg---F--
HTTP/1.1 200
Server: nginx
Date: Tue, 27 Aug 2019 13:35:57 GMT
Content-Length: 27
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Authorization
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000
---6uIk3EEg---H--
ModSecurity: Warning. Matched "Operator Eq' with parameter 0' against variable REQUEST_HEADERS:Content-Type' (Value: 0' ) [file "/etc/modsecurity/owasp-modsecurity-crs/v3.1.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "732"] [id "920340"] [rev ""] [msg "Request Containing Content, but Missing Content-Type header"] [data ""] [severity "5"] [ver "OWASP_CRS/3.1.1"] [maturity "0"] [accuracy "0"] [hostname "13.93.46.20"] [uri "/services/collector/event"] [unique_id "7fc42219c6c4d351842309e9d537dc9c"] [ref "v217,3"]
ModSecurity: Warning. Matched "Operator Eq' with parameter 0' against variable REQUEST_HEADERS:Content-Type' (Value: 0' ) [file "/etc/modsecurity/owasp-modsecurity-crs/v3.1.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "732"] [id "920340"] [rev ""] [msg "Request Containing Content, but Missing Content-Type header"] [data ""] [severity "5"] [ver "OWASP_CRS/3.1.1"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "13.93.46.20"] [uri "/services/collector/event"] [unique_id "7fc42219c6c4d351842309e9d537dc9c"] [ref "v217,3"]
---6uIk3EEg---J--
---6uIk3EEg---K--
---6uIk3EEg---Z--
... View more