Re: [mod-security-users] Unicode problem.
From: Ivan R. <iv...@we...> - 2005-01-03 21:08:32
Thierry Robitaille wrote:
> Hi,
>
> I just enabled SecFilterCheckUnicodeEncoding and mod_sec(1.8.6) seems to
> see invalid unicode encoding in this referer:
> "http://search.ke.voila.fr/S/wanadoo?gb=site&dt=*&cid=wng&kw=diversit%E9%20culturel"
>
> but there is no unicode in it, only url encoding characters.
>
> Any idea?

In short: if there's no Unicode there then Unicode encoding validation won't do any good for you. It will just produce false positives, such as the one you used as the example. Therefore you need to turn it off.

ModSecurity can't tell (because HTTP does not support it) whether some incoming data is Unicode or not. Therefore it's on you to decide whether to enable the validation feature or not, using the knowledge of your application.

If the Unicode encoding validation feature is enabled then all data must be a valid UTF-8 encoding. In your example, the %e9 character is treated as the first of a three-byte UTF-8 encoded character. ModSecurity complains because the second and the third bytes are not valid.

-- 
Ivan Ristic (http://www.modsecurity.org)
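
Added example, not part of the original message and not ModSecurity's own code: a structural UTF-8 check (lead byte followed by the right number of continuation bytes) run over the URL-decoded kw value from the referer above, next to the same text encoded as UTF-8. The function names and the UTF-8 variant of the value are constructed for illustration; overlong forms and surrogates are deliberately not checked here.

```python
from urllib.parse import unquote_to_bytes


def utf8_error(data: bytes):
    """Return None if data is structurally valid UTF-8, else (offset, reason)."""
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:                 # 0xxxxxxx: plain ASCII
            need = 0
        elif 0xC0 <= b <= 0xDF:      # 110xxxxx: two-byte character
            need = 1
        elif 0xE0 <= b <= 0xEF:      # 1110xxxx: three-byte character (0xE9 is here)
            need = 2
        elif 0xF0 <= b <= 0xF7:      # 11110xxx: four-byte character
            need = 3
        else:                        # stray continuation byte or 0xF8..0xFF
            return (i, "0x%02x cannot start a character" % b)
        tail = data[i + 1:i + 1 + need]
        if len(tail) < need:
            return (i, "0x%02x needs %d continuation byte(s), input ends" % (b, need))
        for k, c in enumerate(tail, start=1):
            if c & 0xC0 != 0x80:     # continuation bytes must look like 10xxxxxx
                return (i + k, "0x%02x after lead 0x%02x is not a continuation byte" % (c, b))
        i += 1 + need
    return None


def check_param(raw_value: str):
    """URL-decode first, then validate the resulting bytes as UTF-8."""
    return utf8_error(unquote_to_bytes(raw_value))


# kw value from the referer: "é" sent as the single ISO-8859-1 byte 0xE9.
LATIN1_KW = "diversit%E9%20culturel"
# Constructed counterpart: the same text with "é" sent as UTF-8 (0xC3 0xA9).
UTF8_KW = "diversit%C3%A9%20culturel"

if __name__ == "__main__":
    for value in (LATIN1_KW, UTF8_KW):
        print(value, "->", check_param(value) or "valid UTF-8")
```

The ISO-8859-1 value is rejected at the space that follows 0xE9, while the UTF-8 form of the same word passes, which is why the check only makes sense when the application actually receives UTF-8.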