Re: [mod-security-users] modsecurity and spam in OWA
From: Tom A. <tan...@oa...> - 2005-12-16 18:03:52
Jason Haar wrote:
> Anyway, I had "SecFilterForceByteRange 32 126" and it blocked that URL
> as there was a char 228 in there
>
> Sooo, what should I block instead? Given the fact that the Webapp needs
> to present almost any char (i.e. assuming a Subject line could contain
> any char), could I do an exclusion list instead? i.e. accept everything
> other than NULL, etc? And if so, can someone tell me what "etc" should
> actually be? ;-)

I've found SecFilterForceByteRange to provide false positives on anything
less than 0-255. Unless you're running a very simple website, you just
don't know when a user will enter a valid character outside of your
arbitrary range. As you said, many applications require the use of almost
any character. I addressed user complaints over a period of months, slowly
expanding the range, until I was left at 0-255 before the complaints
stopped.

As far as blocking certain characters, yes you can, but even NULL may give
false positives. Whatever that list may be is entirely driven by what your
site needs to process.

Tom
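The trade-off the two posts describe, as an added example that is not ModSecurity's own code nor anything posted in this thread: a hypothetical Python reimplementation of a byte-range check, applied to constructed request samples (an ASCII subject, a Latin-1 subject containing byte 228, and a value with an embedded NUL), so the false positives of a 32-126 range can be compared with the 0-255 range and with a NUL-only exclusion list. The check semantics (URL-decode, then reject if any byte falls outside the range) and the sample names are assumptions made for this example.

```python
"""Simulate a ModSecurity-1.x-style byte-range check on request data.

Hypothetical reimplementation (not ModSecurity's code): a request is
rejected if any byte of the URL-decoded data lies outside [lo, hi].
All request samples below are constructed for illustration.
"""
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes


@dataclass
class Request:
    name: str
    raw: bytes  # raw, possibly URL-encoded, request data


# Constructed samples. "%E4" is byte 0xE4 (228, "ä" in Latin-1), "%FC" is
# 0xFC ("ü"): exactly the kind of value a mail Subject legitimately carries.
SAMPLES = [
    Request("plain ascii subject", b"subject=Meeting+at+3"),
    Request("latin-1 subject (byte 228)", b"subject=Besprechung%20f%FCr%20B%E4r"),
    Request("embedded NUL byte", b"subject=hello%00world"),
]


def decode(raw: bytes) -> bytes:
    """URL-decode so that %XX escapes are inspected as the bytes they encode."""
    return unquote_to_bytes(raw)


def range_policy(lo: int, hi: int):
    """Mimic 'SecFilterForceByteRange lo hi': allow only if every byte is in [lo, hi]."""
    def check(data: bytes) -> bool:
        return all(lo <= b <= hi for b in data)
    return check


def exclusion_policy(banned: frozenset):
    """Allow everything except an explicit set of banned byte values (e.g. NUL)."""
    def check(data: bytes) -> bool:
        return not any(b in banned for b in data)
    return check


def evaluate(policy, samples=SAMPLES) -> dict:
    """Return {sample name: allowed?} for one policy over the samples."""
    return {s.name: policy(decode(s.raw)) for s in samples}


def false_positives(policy, samples=SAMPLES) -> list:
    """Samples the policy blocks even though they contain no NUL byte.

    NUL is the only byte this example treats as never legitimate, so a
    block on any other sample is the kind of user complaint the thread
    describes (legitimate non-ASCII text rejected by a narrow range).
    """
    return [
        s.name for s in samples
        if b"\x00" not in decode(s.raw) and not policy(decode(s.raw))
    ]


if __name__ == "__main__":
    policies = [
        ("range 32-126", range_policy(32, 126)),
        ("range 0-255 (no-op)", range_policy(0, 255)),
        ("exclude NUL only", exclusion_policy(frozenset({0}))),
    ]
    for label, policy in policies:
        print(label, evaluate(policy), "false positives:", false_positives(policy))
```

Running it shows why the range kept growing: 32-126 rejects the Latin-1 subject as a false positive, 0-255 admits every byte and therefore checks nothing, and the NUL-only exclusion list blocks the one sample that carries a byte the application has no use for.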