[mod-security-users] escape character problem - mod_security v1.9.2
From: <gyo...@hi...> - 2006-05-17 04:00:35
Hi all:

I am using mod_security 1.9.2 and Apache 2.0.55 (Win32). The server and client OS are Windows XP Pro SP2 (Japanese). The client browser is IE 6.0 SP2.

Here is my problem. I want mod_security to filter the combined character \" (escape + double quotation). I set modsecurity.conf as below.

##
SecFilterSelective POST_PAYLOAD "&ARG_parameter1=" chain
SecFilter "&ARG_parameter1=\\\"&"
##

I thought that the regex pattern \\\" can match the string \". Unfortunately, it doesn't work at all. But if you set modsecurity.conf like this,

##
SecFilterSelective POST_PAYLOAD "&ARG_parameter1=" chain
SecFilter "\\\""
##

it works well. How strange! Can someone help me figure out what this problem is?

My purpose is:

1. Filter and only filter the string \"
2. Don't filter parameters in the POST body except parameter ARG_parameter1 (assumed)

The POST body in the log looks like this:

sticky=0&ARG_parameter1=%5C%22&password=1

The other related configuration, I think, is as below,

####
SecFilterEngine On
SecFilterScanPOST On
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterInheritance On
SecFilterInheritanceMandatory On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
####

The same problem also happens with the combined character \' (escape + single quotation).

Please help! Thanks in advance.