Re: [mod-security-users] dont understand this....
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <rcb...@gm...> - 2006-06-09 17:53:22
|
Look in the audit_log at the POST_PAYLOD data to identify which piece of data has the erroneous encoding. Depending on what the data is, you have the option of disabling the modsecurity check for this entirely, or possibly disabling it for this specific file/location if you are using newer versions (v2.0). -Ryan On 6/9/06, administrador <ad...@ca...> wrote: > > hi guys.... > i am runnig apache for 4 years but only few days with sec mode.... > > it runs with fedora 3 and its working.... > > i have an php that shows /showprofile.php?id=XXX > but it wont shows /showprofile.php?id=xxx&ratingid=1&action=rate > > mod_security-message: Access denied with code 406. Error parsing POST > parameters: Error normalising parameter value: Invalid Unicode encoding: not > enough bytes [severity "EMERGENCY"] > > mod_security-action: 406 > > what should i do? > > what are the rules to apply? first? last? > > regards... > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > -- Ryan C. Barnett Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor: Securing Apache GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache |