|
From: Ivan R. <iv...@we...> - 2006-04-10 10:27:11
|
Alex wrote:
> Hi christophe
>
> IMHO (but Ivan will confirm) mod_security seems to truncate your url (see
> Location:
>> /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=UTF-8&SMTOKEN={RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=&USERNAME=test_YM00&SMAUTHREASON=20&SMAGENTNAME=-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3
> that is truncated before the end... (fSMLOCALE=FR-FR is missing) and cause
> the %3f not beeing accepted... Changing the %3f to ? make the query a
> little bit shorter and is then accepted (but without taking care of the
> LOCALE I think.
Thanks for pointing out the content of the "Location" header. You are right
in that the content is truncated but it's not ModSecurity or Apache that's
doing it. It is received that way so it's probably the client that is sending
it. There appears to be a limit of 432 bytes (imposed by the client).
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
|
