[mod-security-users] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL encodi
From: <ze...@vo...> - 2006-04-07 14:08:22
Hi,

I face a big problem using Mod Security 1.9.2. My web server architecture uses Siteminder and I use this kind of URL to change or modify password:

https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=UTF-8&SMTOKEN={RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=&USERNAME=test_Users&SMAUTHREASON=20&SMAGENTNAME=-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=FR-FR

ModSecurity logs the following:

[06/Apr/2006:17:45:06 +0200] [www.myserver.com/sid#115800][rid#32ef88][/siteminderagent/pwcgi/smpwservicescgi.exe][1] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL encoding detected: not enough characters

When I replace the %3f with "?", then my change password service runs well.

My ModSec configuration, in quite a simple form, is the following:

# Turn ModSecurity On
SecFilterEngine On

# Reject requests with status 403
SecFilterDefaultAction "deny,log,status:403"

# Some sane defaults
SecFilterScanPOST Off
SecFilterCheckURLEncoding On

# for UTF8 encoding
SecFilterCheckUnicodeEncoding Off

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
SecServerSignature " "

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

# Deny all unwanted characters by default
SecFilter "'" id:1000
SecFilterSelective REQUEST_URI "!\?" "chain,id:1001,msg:'1001 matched'"
SecFilter "/\."
SecFilterSelective REQUEST_URI "\?" "chain,id:2001,msg:'2001 matched'"
SecFilterSelective REQUEST_URI ".*/\..*\?"

I tried to activate or deactivate "SecFilterCheckURLEncoding" and "SecFilterCheckUnicodeEncoding", but the result was unsuccessful.

Could you help me to resolve this problem?

Regards,
Christophe