I have an Apache Lounge version of apache 2.2 with mod security 2.1.1
on a Windows XP PC. I am running a C++ cgi application that uses url
encoding. I am using the core rules that came with mod security. Since I
am using url encoding in my program, I am getting a Bad Response error. In the error log
I have:
[Tue May 22 12:51:04 2007] [error] [client] ModSecurity: Access denied with code 400 (phase 2).
Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:INPUT1. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"]
[severity "WARNING"] [hostname "localhost"] [uri "/cgi-bin/ttgxxx.exe/SearchIt?DBNAME=200703xxxxxx&NEWUSER=xxxx

I have tried overriding this rule as per the mod security help file. I
created a file named modsecurity_crs_15_customrules.conf and added the
following to try to override the rule.

SecRuleRemoveByID "960901"
SecRuleRemoveByID "950107"
SecRuleRemoveByMsg "URL Encoding Abuse Attack Attempt"

This seems to have no effect at all and I continue to get the Bad Response error.

Thanks for any assistance with this.