Thread: [mod-security-users] Rule not working as expected
Brought to you by:
victorhora,
zimmerletw
From: modsecurity <mod...@ez...> - 2004-09-20 17:09:39
|
I have this filter: SecFilter "[^-a-z0-9\._]cd[^+]" It's matching this /index.htm?page=3DWebMailf+cd+ but it shouldn't. Can = anyone tell me why it's doing this? When I test this in perl it does not = match. |
From: Ivan R. <iv...@we...> - 2004-09-20 21:59:55
|
modsecurity wrote: > I have this filter: > > SecFilter "[^-a-z0-9\._]cd[^+]" > > It's matching this /index.htm?page=WebMailf+cd+ but it shouldn't. > Can anyone tell me why it's doing this? The + characters are always decoded to spaces (as per the specification) so that might be causing the problem for you. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |