Re: [mod-security-users] SelectiveFilter doesn't seem to work with //
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SelectiveFilter doesn't seem to work with //
|
From: Ivan R. <iv...@we...> - 2006-01-27 17:58:25
|
PERA, Christophe wrote: > Hello, > > I try to implement the following rule but mod_sec doesn't match: > > SecFilterSelective REQUEST_URI "//" deny > > I don't understand because all other rules are well performed. > > Could you say me how to implement it? You can't, at least not yet. ModSecurity automatically compresses consecutive / characters into one - that's why yours does not match. FYI future releases are likely to allow you to configure exactly which normalisation methods to apply, and it will become possible to avoid the problem. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 |
