Re: [mod-security-users] url-encoded versus urlencoded
From: Hugh B. <hbe...@ya...> - 2004-07-28 03:32:05
--- Ivan Ristic <iv...@we...> wrote:
> > Hi,
> >
> > I am using this standard rule from the examples in the mod_security docs:
> >
> > # Only accept request encodings we know how to handle
> > # we exclude GET requests from this because some (automated)
> > # clients supply "text/html" as Content-Type
> > SecFilterSelective REQUEST_METHOD "!^GET$" chain
> > SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
> >
> > This rule is catching a lot of things like the following:
>
> I think the rule is doing what it was designed to do. I see
> such requests in my logs too.
>
> The HTML specification defines only two content types (see
> http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4)
> and those two are the ones used in the rule. Whoever wrote
> the spam bot probably made a mistake.
>

Just as a follow up, I also saw this tonight:

Content-Type: application/x-vermeer-urlencoded
Date: Tue, 27 Jul 2004 22:49:20 GMT
Host: sdhenterprises.com
MIME-Version: 1.0
User-Agent: MSFrontPage/4.0
X-Vermeer-Content-Type: application/x-vermeer-urlencoded

Looks like Microsoft FrontPage is using:

Content-Type: application/x-vermeer-urlencoded

Just thought I'd add this as a note for the archives...
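
Added example, not part of the original message or of the mod_security documentation: a Python emulation of the two chained filters quoted above, run over constructed requests. It shows that the FrontPage value is rejected and that the `$` anchor also rejects the standard form type when it carries a charset parameter. Assumptions: matching is case-insensitive, a missing header is treated as an empty string, and the names rule_fires, evaluate and SAMPLES are hypothetical.

```python
import re

# Pattern copied from the first filter; the leading "!" in the rule means
# the filter matches when this pattern does NOT match.
IS_GET = re.compile(r"^GET$")

# Pattern copied from the second filter (the Content-Type allow-list).
ALLOWED_CT = re.compile(
    r"(^$|^application/x-www-form-urlencoded$|^multipart/form-data)",
    re.IGNORECASE,  # assumption: case-insensitive matching
)


def rule_fires(method, content_type):
    """Return True when the chained rule would reject the request."""
    # First link of the chain: "!^GET$" matches every method except GET.
    if IS_GET.search(method):
        return False
    # Second link: "!(...)" matches when Content-Type is outside the
    # allow-list. Assumption: a missing header is seen as "".
    return ALLOWED_CT.search(content_type or "") is None


# Constructed sample requests (method, Content-Type). Only the FrontPage
# value comes from the message above; the rest are made up for illustration.
SAMPLES = [
    ("POST", "application/x-www-form-urlencoded"),
    ("POST", "multipart/form-data; boundary=----constructed"),
    ("POST", ""),
    ("GET", "text/html"),
    ("POST", "application/x-vermeer-urlencoded"),
    # "$" after "urlencoded" leaves no room for a parameter:
    ("POST", "application/x-www-form-urlencoded; charset=UTF-8"),
]


def evaluate(samples):
    """Return (method, content_type, rejected) for each sample request."""
    return [(m, ct, rule_fires(m, ct)) for m, ct in samples]


if __name__ == "__main__":
    for method, ct, rejected in evaluate(SAMPLES):
        print(f"{'REJECT' if rejected else 'pass  '}  {method:4}  {ct!r}")
```

The multipart alternative has no trailing `$`, which is why a boundary parameter passes while a charset parameter on the urlencoded type does not.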