We have an application which needs to close the connection and redirect to another page. This works fine with the following code:
header("Connection: close\r\n");
header("Content-Encoding: none\r\n");
ignore_user_abort(true);
ob_start();
$size = ob_get_length();
//Redirect
header("Location: $domain", true, 303);
header("Content-Length: $size");
ob_end_flush();
flush();
We use mod_security on the server, once it is activated it does not close the connection anymore. The audit log does not contain an entry.
Disabling mod_security or setting SecResponseBodyAccess
to Off
will re-enable the functionality.
Is there an option for mod_security or a PHP-way to leave SecResponseBodyAccess
on and still be able to close an connection?