Inproper UTF8 encoding lead to forbidden in apache by ModSecurity2 - ${茶男與藍牌}

home
General
IT
- .NET
- apache
- Application Server
- Browser
- CSS
- Database
- Java
- Javascript
- PHP
- Practical Source Code
- Ruby
- SQL
- UI
- Web
Language
- Cantonese
- English
Reflection

Inproper UTF8 encoding lead to forbidden in apache by ModSecurity2

Filed Under: apache by Tian

Mar.17, 2009

Today a very interesting issue raised…

Scenario:

Copy text from Word document
Paste text to input text field in browser
Submit the form
Response from apache is the following:
Bad Request Your browser sent a request that this server could not understand.

Reason:

UTF8 text from word document conflicts with ModSecurity2′s rule – 950801

Solution:

Add the following line into proper place in httpd.conf
SecRuleRemoveById 950801
Reference:

http://en.wikipedia.org/wiki/Percent_encoding#Binary_data

http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html#N10A8B

http://osdir.com/ml/apache.mod-security.user/2007-05/msg00179.html

Comments RSS feed

Leave a Comment:

You must be logged in to post a comment.

Powered by WordPress. Theme: Motion by 85ideas.

[ Back to top ]