RE: [mod-security-users] SelectiveFilter doesn't seem to work with //
From: PERA, C. (S. TRANSICIEL) <chr...@ai...> - 2006-02-21 18:40:49
Hello,

Thanks for your previous answer.

I have another question: where can I find the list of characters that need a "\" put before them when I declare them in rules?

Example:

    SecFilterSelective REQUEST_URI "/*" Deny
    SecFilterSelective REQUEST_URI "./" Deny
    SecFilterSelective REQUEST_URI "/." Deny
    SecFilterSelective REQUEST_URI "<" Deny

etc.

I have seen in your documentation that I have to set "\./" instead of "./", but I can't find the information for the others.

Thanks a lot,
Christophe

-----Original Message-----
From: Ivan Ristic [mailto:iv...@we...]
Sent: 27 January 2006 18:59
To: PERA, Christophe
Cc: mod...@li...
Subject: Re: [mod-security-users] SelectiveFilter doesn't seem to work with //

PERA, Christophe wrote:
> Hello,
>
> I try to implement the following rule but mod_sec doesn't match:
>
> SecFilterSelective REQUEST_URI "//" deny
>
> I don't understand because all other rules are performed well.
>
> Could you tell me how to implement it?

You can't, at least not yet. ModSecurity automatically compresses consecutive / characters into one - that's why yours does not match.

FYI future releases are likely to allow you to configure exactly which normalisation methods to apply, and it will become possible to avoid the problem.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
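
Added example (not part of the thread, and not ModSecurity's own code): a simplified Python model of the behaviour discussed above, showing why a "//" pattern can never match once consecutive slashes are compressed, and how the unescaped patterns from the question behave as regular expressions. It assumes slash compression is the only normalisation step and uses Python's `re` as a stand-in for the regex engine; the function names and sample URIs are constructed for illustration.

```python
import re

def compress_slashes(uri: str) -> str:
    """Model of the one normalisation step named in the reply:
    a run of '/' characters becomes a single '/'.
    Assumption: every other normalisation step is left out."""
    return re.sub(r"/{2,}", "/", uri)

def rule_matches(pattern: str, uri: str, normalise: bool = True) -> bool:
    """Normalise first, then run an unanchored regex search, which is the
    order of operations the reply describes."""
    target = compress_slashes(uri) if normalise else uri
    return re.search(pattern, target) is not None

def literal(text: str) -> str:
    """Backslash-escape only the regex metacharacters in text, so the
    resulting pattern matches that text literally."""
    return re.escape(text)

# Constructed sample request URIs (not taken from the thread).
SAMPLES = ["/index.html", "/a//b", "/a/./b", "/a/*", "/x/y"]

# Patterns from the question, each next to its escaped form where relevant.
PATTERNS = ["//", "/*", r"/\*", "./", r"\./"]

def report() -> dict:
    """Map each pattern to the sample URIs it matches after normalisation."""
    return {p: [u for u in SAMPLES if rule_matches(p, u)] for p in PATTERNS}

if __name__ == "__main__":
    for pat, hits in report().items():
        print(f"{pat!r:8} matches {hits}")
    # "/*" means "zero or more slashes" and matches every URI;
    # "./" means "any character, then a slash".
    for text in ["/*", "./", "/.", "<"]:
        print(f"literal {text!r:5} -> pattern {literal(text)!r}")
```

In this model "<" comes back unchanged because it is not a regex metacharacter, while "*" and "." gain a backslash.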