[Mod-security-developers] validateurlencoding operator being used in the CRS
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] validateurlencoding operator being used in the CRS
|
From: Ellison M. <em...@sc...> - 2013-11-14 00:06:57
|
rule 950108 in the CRS is supposed to check for url encoding abuse attempts. It chains a content-type header check, to a regex looking for percent sequences in REQUEST_BODY or XML, and finally to the validateURLEncoding operator. The problem is, the regex check allows for % on it's own, %XX and for %uXXXX sequences, while validateUrlEncoding only seems to accept %XX. -- Sincerely, Ellison Ellison Marks Scratchspace Inc. (831) 621-7928 http://www.scratchspace.com |
