[mod-security-users] Apache 2.2 and URL encoding
From: Don <n2b...@sb...> - 2007-05-31 19:42:47
Hi,

I have an Apache Lounge version of apache 2.2 with mod security 2.1.1 on a Windows XP PC. I am running a C++ cgi application that uses url encoding. I am using the core rules that came with mod security. Since I am using url encoding in my program, I am getting a Bad Response error.

In the error log I have:

    [Tue May 22 12:51:04 2007] [error] [client 127.0.0.1] ModSecurity: Access denied with code 400 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:INPUT1. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "localhost"] [uri "/cgi-bin/ttgxxx.exe/SearchIt?DBNAME=200703xxxxxx&NEWUSER=xxxx &CODE=xxxx&DBALIAS=MAR%2B2007%2BB%2BOF%2BA%2BLOCKBOXES &STARTSESSION=5%2F22%2F2007%2B12%3A50%3A51%2BPM &R1=V1&INPUT1=%25&SUBMIT.x=23&SUBMIT.y=12&SUBMIT=SEARCH"] [unique_id "XrASOwpYJAQAAADQDDkAAAD5"]

I have tried overriding this rule as per the mod security help file. I created a file named modsecurity_crs_15_customrules.conf and added the following to try to override the rule.

    SecRuleRemoveByID "960901"
    SecRuleRemoveByID "950107"
    SecRuleRemoveByMsg "URL Encoding Abuse Attack Attempt"

This seems to have no effect at all and I continue to get the Bad Response error.

Thanks for any assistance with this.

Don
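Why the log entry in the post above names ARGS:INPUT1, shown as an added example that is not part of the original post: the rule's pattern is applied to each query argument from the logged URI after decoding. It assumes ModSecurity evaluates ARGS on decoded values, with Python's parse_qsl standing in for that decoding; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pattern of rule 950107 as shown in the log entry (log escaping removed).
RULE_950107 = re.compile(r"\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")

# Request URI from the log entry, with the line-wrap spaces removed.
SAMPLE_URI = (
    "/cgi-bin/ttgxxx.exe/SearchIt?DBNAME=200703xxxxxx&NEWUSER=xxxx"
    "&CODE=xxxx&DBALIAS=MAR%2B2007%2BB%2BOF%2BA%2BLOCKBOXES"
    "&STARTSESSION=5%2F22%2F2007%2B12%3A50%3A51%2BPM"
    "&R1=V1&INPUT1=%25&SUBMIT.x=23&SUBMIT.y=12&SUBMIT=SEARCH"
)


def matches_rule(value):
    """True if value contains a '%' not followed by XX or uXXXX hex digits."""
    return RULE_950107.search(value) is not None


def flagged_args(uri):
    """Names of query arguments whose decoded value matches the pattern."""
    # Assumption: parse_qsl stands in for ModSecurity's argument decoding.
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return [name for name, value in pairs if matches_rule(value)]


def report(uri):
    """One line per argument: name, decoded value, and match result."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return [
        "%-12s %-28r %s" % (n, v, "MATCH" if matches_rule(v) else "ok")
        for n, v in pairs
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_URI)))
    # The raw form is valid encoding; the decoded form is a lone '%'.
    print("raw '%25' matches:", matches_rule("%25"))
    print("decoded '%' matches:", matches_rule("%"))
```

Only INPUT1 is flagged: the raw `%25` is valid encoding, but its decoded value is a single percent sign with no hex digits after it, which is what the pattern rejects.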