[mod-security-users] Error normalizing REQUEST_URI

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

  Folks:

  I saw these logs, some of our developers were testing this out. Was this problem with URL encoding in the test case or problem with mod_security normalization functions (logs were edited for site sensitive info). This happens on 1.x system.

  Thanks,

   "GET /index.php/view/search/?query_string=nessus&search=../../../../../../../../etc/passwd%00 HTTP/1.1"  Error normalizing REQUEST_URI: Invalid character detected [0]

   "GET /index.php/view/search/?query_string=nessus&search=../../../../../../../../etc/passwd%00.html HTTP/1.1" 500  Error normalizing REQUEST_URI: Invalid character detected [0]

 "PUT /%08x HTTP/1.1"  Error normalizing REQUEST_URI: Invalid character detected [8]

  "DELETE /%08x HTTP/1.1"  500  Error normalizing REQUEST_URI: Invalid character detected [8]

---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1&cent;/min.