Re: [mod-security-users] mod_security: Invalid character detected [252]
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mod_security: Invalid character detected [252]
|
From: Ivan R. <iv...@we...> - 2003-12-12 13:57:30
|
> I installed mod_Security on a server, and for the moments, all the pages
> works fine. Now, I have some little issues that I describe above
> (extracted from the audit_log file).
> Anybody can help me on this issue...??
You've configured mod_security to reject requests containing
characters that fall outside the 32-126 range (inclusive). And there
are such characters in the example request you gave us.
For example:
/images/buttonse/inkassoausk%FCnfte.gif
contains %fc (252)
Change this line:
SecFilterForceByteRange 32 126
into:
SecFilterForceByteRange 32 255
and your problems will go away.
FYI, future releases will include the ability to specify several
ranges of acceptable characters, not only one as right now.
--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
|
