Re: [mod-security-users] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL en

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

ze...@vo... wrote:
>  Hi,
> 
> I face a big problem using Mod Security 1.9.2.
> 
> My web server architecture uses Siteminder and i use this kind of URL to
> change or modify password:
> 
> https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe

  The URL works fine work me.

  Are you sure you get the same result with "SecFilterCheckURLEncoding Off"?

> ModSecurity logs as following:

  Can you get me the audit log entry for this problem?

> [06/Apr/2006:17:45:06 +0200]
> [www.myserver.com/sid#115800][rid#32ef88][/siteminderagent/pwcgi/smpwservicescgi.
> exe][1] Access denied with code 403. Error normalising REQUEST_URI:
> Invalid URL encoding detected: not enough characters

  This message would typically appear when there's an % at the end
  of the URI but the two hexadecimal characters that need to follow it
  aren't.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net

Re: [mod-security-users] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL en

Re: [mod-security-users] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL encoding detected: not enough characters