[mod-security-users] Blocking (partly) HTTP Parameter Pollution
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Blocking (partly) HTTP Parameter Pollution
|
From: Marc S. <mar...@ap...> - 2009-06-16 09:40:05
|
Information about a particular case of HTTP Parameter Pollution - duplicate arguments - is described here: http://www.securityfocus.com/archive/1/504240/30/0/threaded Do anyone sees how to find duplicate argument names, without knowing the names in advance? The goal is to forbid, for GET & POST, two arguments with the same name I tried to play with chained rules, but I would need recursive macro expansion, like "TX:%{TX:...}" Thanks Marc |
