RE: [mod-security-users] I get requests like:
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
RE: [mod-security-users] I get requests like:
|
From: Sub Z. <Su...@su...> - 2006-03-20 16:16:51
|
>> Access denied with code 406. Pattern match "!^[0-9a-f]*$" at
>> ARG("PHPSESSID")
>>
>> How do I add ; to the argument seperators?
>
> Put in the character set "!^[0-9a-f;]*$"
Is this an internal bug of mod_security? Can't I define ; as an argument
seperator like &?
Tom, you can see that adding ; to the characterset will not fix those issues
(because of other parameters in the url like board=10.0 or topic=9.new or
etc) but open more PHPSESSID security vulnerabilities.. I also do not want
to extend a-f to another characterset...
|
