Re: [mod-security-users] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL en
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL encoding detected: not enough characters
|
From: Ivan R. <iv...@we...> - 2006-04-07 16:41:03
|
ze...@vo... wrote: > Hi, > > I face a big problem using Mod Security 1.9.2. > > My web server architecture uses Siteminder and i use this kind of URL to > change or modify password: > > https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe The URL works fine work me. Are you sure you get the same result with "SecFilterCheckURLEncoding Off"? > ModSecurity logs as following: Can you get me the audit log entry for this problem? > [06/Apr/2006:17:45:06 +0200] > [www.myserver.com/sid#115800][rid#32ef88][/siteminderagent/pwcgi/smpwservicescgi. > exe][1] Access denied with code 403. Error normalising REQUEST_URI: > Invalid URL encoding detected: not enough characters This message would typically appear when there's an % at the end of the URI but the two hexadecimal characters that need to follow it aren't. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall Apache Security (O'Reilly): http://www.apachesecurity.net |