Re: [mod-security-users] Re: Umlauts in Request

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ulf Stegemann wrote:

> Ivan Ristic <iv...@we...> wrote:
> 
> 
>>Ulf Stegemann wrote:
>>
>>
>>>Apache 1.3.29, mod_security 1.7.2
>>>Whenever there's an "umlaut" (äöü) or another non-ASCII character in the
>>>request mod_securtiy strikes with "Invalid character detected".
> 
> 
> [...]
> 
> 
>>   Try "SecFilterCheckURLEncoding Off". Does that help?
> 
> 
> No, unfortunately that does not stop mod_security from blocking the requests.

   Ooops, sorry. I actually ment to write:

   SecFilterCheckUnicodeEncoding Off
                 ^^^^^^^ Unicode

   There's a bug in 1.7.2 and Unicode encoding validation if On by
   default.

   If that does not resolve your problem please send me as many of
   these as you can:

   * mod_security configuration
   * the URL you want to go through
   * the message you get in your error log
   * the fragment from the debug log (set log level to 9)
   * the fragment from the audit log

   Then I'll debug the issue and resolve it.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]