A long time ago, I had the requirement of NOT wanting mod_security to
normalize/decode the URL before applying filters on it (so I could =
out urls with ";" and other characters unencoded, but leave URLs that =
properly encoded alone), so I made a simple little patch to add an =
mod_security that prevented it from decoding encoded URLs so that the
down-stream filters would have an unmodified URL to match against.
I've been successfully using this patch on production servers since I
created it (at least 6 months), and it's working very well. I haven't
however tried to break it, so I don't know if it would work for everyone =
HOWEVER, since I *do* find this extremely useful, and there is still no =
to do this in mod_security, I was hoping that someone may take this =
extend it for apache2 (this patch modifies the apache1/mod_security.c =
only - not the apache2 file... Well, if it does, it's untested.) and
hopefully get it included in to the official mod_security release.
I accept all criticism - I've made many other "useless" patches for =