Re: [mod-security-users] Vbulletin 3.5.2 and mod_security
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Vbulletin 3.5.2 and mod_security
|
From: Ivan R. <iv...@we...> - 2006-03-14 14:01:51
|
Thomas Behrend wrote:
> Since the installation of the latest vbulletin version, we have some
> trouble with the =80 (%u20AC).
>
> ...
>
> mod_security-message: Access denied with code 500. Error parsing POST
> parameters: Error normalizing parameter value: Invalid URL encoding
> detected: invalid characters used
>
> ...
>
> ajax=3D1&ajax_lastpost=3D1141671043&message=3Dsdsdsdfsfsdfdsf%20%u20AC
The above (%u20AC) is not a valid URL-encoded character. I suspect
this is a programming error in vbulletin. I also suspect they
should encode the character like this: %25u20AC.
You can allow it simply by turning URL-encoding validation off:
SecFilterCheckURLEncoding Off
--=20
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
|
