Non standard compliant HTTP response status code in modsecurity.conf-recommended

[derhansen]

The file modsecurity.conf-recommended contains a rule which returns the HTTP response status code 44 .

SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200002',phase:2,t:none,log,deny,status:44, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

AFAIK HTTP response status codes should always have 3 digits. I also could'nt find something about a status code 44 in the official registry of HTTP status codes

I would recommend to change the response status code to 400 which is more clear, as the request body seems to be faulty.

[zimmerle]

@derhansen Pull request merged. thanks.