How to prevent duplicate requests in apache2


I am having an issue with an Apache2 web server. I had a site working for a while, but now every request that is sent to the server has a duplicate and the first request isn't visible to the user at all. I am able to temporarily patch this by using database transactions to only return a response on the second request, with Django middleware, but the software still shows duplicate requests in the logs; each GET and POST request sent to the server has a duplicate counterpart.

I have tried a suggestion I found, using modsecurity2, but it doesn't seem to work; it still lets duplicate requests through. The solution is below.

SecRule USER:duplicaterequest "@gt 1" "id:'40000',phase:2,deny,status:409,msg:'Duplicate Request!'"

The requests are about 2 seconds apart, and this causes all sorts of issues with duplicate objects and also seems to make the pages take longer to load.

This happened overnight several weeks ago without any changes to the code. Any idea what this could be, or a way to fix it?

airween On

I'm not sure I completely understand your issue, but if a client sends a request twice, the problem is around there. I'm also not sure if this should be solved with ModSecurity.

Your rule uses the USER persistent collection as its target. Matching a collection's variable makes sense only if you set that variable BEFORE.

If there is no other rule which fills this variable (based on some conditions), then this will never match. Where do you set the USER:duplicaterequest and how? Do you want to deny the request in that case?
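To check where the duplicates come from before deciding whether a ModSecurity rule is the right place to handle them, the access log can be scanned for repeated requests. This is an added example, not part of the question or the answer: it assumes Apache's "combined" log format with entries in time order, and the sample lines and the 3-second window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not taken from the asker's server.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "POST /orders/new HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:15:03 +0000] "POST /orders/new HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:15:04 +0000] "GET /orders/ HTTP/1.1" 200 2048 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:16:30 +0000] "GET /orders/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def parse(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_duplicates(lines, window_s=3):
    """Report requests repeated by the same client (host, method, URI) within window_s seconds."""
    last_seen, pairs = {}, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        key = (rec["host"], rec["method"], rec["uri"])
        prev = last_seen.get(key)
        if prev and abs(rec["ts"] - prev["ts"]) <= timedelta(seconds=window_s):
            pairs.append({
                "client": rec["host"],
                "request": f'{rec["method"]} {rec["uri"]}',
                "gap_s": abs(rec["ts"] - prev["ts"]).total_seconds(),
                # A differing user agent suggests the copy was not sent by the same client software.
                "same_user_agent": prev["ua"] == rec["ua"],
                "statuses": (prev["status"], rec["status"]),
            })
        last_seen[key] = rec
    return pairs

if __name__ == "__main__":
    for pair in find_duplicates(SAMPLE):
        print(pair)
```
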