Re: [mod-security-users] url-encoded versus urlencoded
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] url-encoded versus urlencoded
|
From: Ivan R. <iv...@we...> - 2004-07-27 23:30:09
|
Hugh Beaumont wrote: > Hi, > > I am using this standard rule from the examples in the mod_security docs: > > # Only accept request encodings we know how to handle > # we exclude GET requests from this because some (automated) > # clients supply "text/html" as Content-Type > SecFilterSelective REQUEST_METHOD "!^GET$" chain > SecFilterSelective HTTP_Content-Type > "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" > > This rule is catching a lot of things like the following : I think the rule is doing what it was designed to do. I see such requests in my logs too. The HTML specification defines only two content types (see http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4) and those two are the ones used in the rule. Whoever wrote the spam bot probably made a mistake. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
