Inproper UTF8 encoding lead to forbidden in apache by ModSecurity2

By On 17/03/2009 · Leave a Comment

Today a very interesting issue raised…

Scenario:

  1. Copy text from Word document
  2. Paste text to input text field in browser
  3. Submit the form
  4. Response from apache is the following:
    Bad Request
    Your browser sent a request that this server could not understand.

Reason:

UTF8 text from word document conflicts with ModSecurity2′s rule – 950801

Solution:

Add the following line into proper place in httpd.conf
SecRuleRemoveById 950801
Reference:

http://en.wikipedia.org/wiki/Percent_encoding#Binary_data

http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html#N10A8B

http://osdir.com/ml/apache.mod-security.user/2007-05/msg00179.html

 
If you enjoyed this article, please consider sharing it!
Reddit Facebook Twitter Delicious

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>