Re: [mod-security-users] Multipart: invalid Content-Disposition header (-11)?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Gerwin Krist -|- Digitalus Webhosting wrote:
> Heya Ivan and others :)
> 
> Some customer trying to upload certain stuff gets the following error:
> 
> [Thu Feb 16 00:19:29 2006] [error] [client 80.57.1.99] mod_security
> Access denied with code 406. Error processing request body: Multipart:
> invalid Content-Disposition header (-11): form-data;
> name="uploadedFiles0"; filename="DSCF1848.jpg"; modification-date="ma,
> 13 feb 2006 13:03:48 CET" [hostname "www.xxxxx.nl"] [uri
> "/cms/adm_meetings_upload.php"] [unique_id "iy26GsGKnQQAABAuYQYAAAAd"]
> 
> No clue what this means, a little glitch?

  The Content-Disposition header of the multipart part appears to
  be invalid. The "modification-date" attribute is not defined in
  the multipart RFC and this is the first time I encounter someone
  using it. The content of the parameter does not appear to be
  valid either: "ma, 13 feb 2006 13:03:48 CET".

  The problem with many of the relevant RFCs is that they are open
  to interpretation. For example RFC 2183 describes the format of
  the Content-Disposition header when used in MIME messages but none
  of the parameter make sense when used in context of the multipart
  upload.

  Which browser/device was used to submit this request?

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall