[mod-security-users] Vbulletin 3.5.2 and mod_security
From: Thomas B. <web...@sp...> - 2006-03-14 08:01:48
Since the installation of the latest vbulletin version, we have some trouble with the € (%u20AC). When someone tries to use the quick-answer function, it hangs on submit and I got this log entry:

###################################################################################################
========================================
Request: 84.181.222.208 - - [06/Mar/2006:20:22:52 +0100] "POST /newreply.php HTTP/1.1" 500 132018
Handler: (null)
----------------------------------------
POST /newreply.php HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Accept-Language: de
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 154
Content-Type: application/x-www-form-urlencoded
Cookie: vbulletin_collapse=vbindex_poll%0Avbindex_customblock1%0Avbindex_onlineusers%0Avbindex_customblock2%0Avbindex_customblock5%0Avbindex_customblock3%0Avbindex_customblock4%0Amodule_18%0Amodule_4_2223%0Amodule_4_2129%0Amodule_14%0Amodule_10%0Amodule_7%0Amodule_16%0Asimilarthreads%0Aforumrules%0Amodule_17%0Amodule_6%0Amodule_13%0Amodule_15%0Amodule_3%0Amodule_19%0Amodule_20; bbstyleid=8; bblastactivity=0; bbpassword=45607a9db79ae5183869714014f52482; bblastactivity=0; bbpassword=45607a9db79ae5183869714014f52482; bbuserid=116; bbuserid=116; bblastvisit=1137987506; bblastvisit=1119689584; bbsessionhash=459be9994d399f34f77a72320b48203c; bbthread_lastview=18660539a878ce8c1d3c4b58eb661985a-3-%7Bi-1984_i-1141664362_i-2385_i-1141669965_i-2401_i-1141671043_%7D; bbforum_view=914767cf6ea023144ed3f3764dac98eca-1-%7Bi-32_i-1141670455_%7D
Host: www.spieleplanet.ch
Keep-Alive: 300
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.7.8) Gecko/20050511
mod_security-message: Access denied with code 500. Error parsing POST parameters: Error normalizing parameter value: Invalid URL encoding detected: invalid characters used
mod_security-action: 500

154
ajax=1&ajax_lastpost=1141671043&message=sdsdsdfsfsdfdsf%20%u20AC&wysiwyg=0&signature=1&fromquickreply=1&s=&do=postreply&t=2401&p=who%20cares&parseurl=1&s=

HTTP/1.1 500 Internal Server Error
Vary: *
Last-Modified: Wed, 09 Jun 2004 23:18:33 GMT
ETag: "f5c3e0-203b2-40c79ac9"
Accept-Ranges: bytes
Content-Length: 132018
Connection: close
Content-Type: image/jpeg
###################################################################################################

Same thing with postedit.php, so I tried to make a rule in httpd.conf:

SecFilterSelective THE_REQUEST "\|+.*[\%u20AC].*\|" pass,nolog

and

<LocationMatch "/newreply.php">
SecFilterSelective THE_REQUEST "\.*[\xu20AC].*\" pass,nolog
</LocationMatch>

Can anyone help me with this rule? I have tried everything I know, but both won't work atm. Maybe it's a problem with the AJAX function, but I don't have any clue how to solve it.

Best regards,
Thomas Behrend
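
The audit log above shows the request being refused while the POST parameters are parsed. The Python sketch below is an added example, not part of the original post and not mod_security's own code: it applies a strict %XX check to the logged body and shows that the only offending escape is the non-standard %u20AC in the message parameter. The function names, the allow_u switch and the reason strings other than the one quoted from the log are assumptions of this example.

```python
import re

# Request body copied from the audit log in the post above.
BODY = ("ajax=1&ajax_lastpost=1141671043&message=sdsdsdfsfsdfdsf%20%u20AC"
        "&wysiwyg=0&signature=1&fromquickreply=1&s=&do=postreply&t=2401"
        "&p=who%20cares&parseurl=1&s=")
HEX = set("0123456789abcdefABCDEF")

def check_value(value, allow_u=False):
    """Return (offset, reason) for each malformed escape in one value.
    Reason strings are this example's wording; the first mirrors the log."""
    problems, i = [], 0
    while i < len(value):
        if value[i] != "%":
            i += 1
            continue
        if allow_u and value[i + 1:i + 2] in ("u", "U"):
            digits = value[i + 2:i + 6]
            if len(digits) == 4 and set(digits) <= HEX:
                i += 6          # well-formed %uXXXX, skip it
                continue
            problems.append((i, "malformed %uXXXX escape"))
        else:
            digits = value[i + 1:i + 3]
            if len(digits) < 2:
                problems.append((i, "not enough characters"))
            elif not set(digits) <= HEX:
                problems.append((i, "invalid characters used"))
        i += 1
    return problems

def check_body(body, allow_u=False):
    """Map parameter name -> problems for every value that fails the check."""
    bad = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        found = check_value(value, allow_u)
        if found:
            bad.setdefault(name, []).extend(found)
    return bad

def decode_u(value):
    """Decode only %uXXXX escapes, to show which character was submitted."""
    return re.sub(r"%[uU]([0-9a-fA-F]{4})",
                  lambda m: chr(int(m.group(1), 16)), value)

if __name__ == "__main__":
    print("strict :", check_body(BODY))
    print("allow_u:", check_body(BODY, allow_u=True))
    print("decoded:", decode_u("sdsdsdfsfsdfdsf%20%u20AC"))
```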