mod-security-users Mailing List for ModSecurity (Page 577)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

--- Ivan Ristic <iv...@we...> wrote:

> > Hi,
> > 
> > I am using this standard rule from the examples in the mod_security docs:
> > 
> > # Only accept request encodings we know how to handle
> > # we exclude GET requests from this because some (automated)
> > # clients supply "text/html" as Content-Type
> > SecFilterSelective REQUEST_METHOD "!^GET$" chain
> > SecFilterSelective HTTP_Content-Type
> > "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
> > 
> > This rule is catching a lot of things like the following :
> 
>   I think the rule is doing what it was designed to do. I see
>   such requests in my logs too.
> 
>   The HTML specification defines only two content types (see
>   http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4)
>   and those two are the ones used in the rule. Whoever wrote
>   the spam bot probably made a mistake.
> 

Just as a follow up, I also saw this tonight :

Content-Type: application/x-vermeer-urlencoded
Date: Tue, 27 Jul 2004 22:49:20 GMT
Host: sdhenterprises.com
MIME-Version: 1.0
User-Agent: MSFrontPage/4.0
X-Vermeer-Content-Type: application/x-vermeer-urlencoded

Looks like Microsoft FrontPage is using:

Content-Type: application/x-vermeer-urlencoded

Just thought I'd add this as a note for the archives...

__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

2003	Jan	Feb	Mar	Apr	May	Jun (2)	Jul (17)	Aug (7)	Sep (8)	Oct (11)	Nov (14)	Dec (19)
2004	Jan (46)	Feb (14)	Mar (20)	Apr (48)	May (15)	Jun (20)	Jul (36)	Aug (24)	Sep (31)	Oct (28)	Nov (23)	Dec (12)
2005	Jan (69)	Feb (61)	Mar (82)	Apr (53)	May (26)	Jun (71)	Jul (27)	Aug (52)	Sep (28)	Oct (49)	Nov (104)	Dec (74)
2006	Jan (61)	Feb (148)	Mar (82)	Apr (139)	May (65)	Jun (116)	Jul (92)	Aug (101)	Sep (84)	Oct (103)	Nov (174)	Dec (102)
2007	Jan (166)	Feb (161)	Mar (181)	Apr (152)	May (192)	Jun (250)	Jul (127)	Aug (165)	Sep (97)	Oct (135)	Nov (206)	Dec (56)
2008	Jan (160)	Feb (135)	Mar (98)	Apr (89)	May (115)	Jun (95)	Jul (188)	Aug (167)	Sep (153)	Oct (84)	Nov (82)	Dec (85)
2009	Jan (139)	Feb (133)	Mar (128)	Apr (105)	May (135)	Jun (79)	Jul (92)	Aug (134)	Sep (73)	Oct (112)	Nov (159)	Dec (80)
2010	Jan (100)	Feb (116)	Mar (130)	Apr (59)	May (88)	Jun (59)	Jul (69)	Aug (67)	Sep (82)	Oct (76)	Nov (59)	Dec (34)
2011	Jan (84)	Feb (74)	Mar (81)	Apr (94)	May (188)	Jun (72)	Jul (118)	Aug (109)	Sep (111)	Oct (80)	Nov (51)	Dec (44)
2012	Jan (80)	Feb (123)	Mar (46)	Apr (12)	May (40)	Jun (62)	Jul (95)	Aug (66)	Sep (65)	Oct (53)	Nov (42)	Dec (60)
2013	Jan (96)	Feb (96)	Mar (108)	Apr (72)	May (115)	Jun (111)	Jul (114)	Aug (87)	Sep (93)	Oct (97)	Nov (104)	Dec (82)
2014	Jan (96)	Feb (77)	Mar (71)	Apr (40)	May (48)	Jun (78)	Jul (54)	Aug (44)	Sep (58)	Oct (79)	Nov (51)	Dec (52)
2015	Jan (55)	Feb (59)	Mar (48)	Apr (40)	May (45)	Jun (63)	Jul (36)	Aug (49)	Sep (35)	Oct (58)	Nov (21)	Dec (47)
2016	Jan (35)	Feb (81)	Mar (43)	Apr (41)	May (77)	Jun (52)	Jul (39)	Aug (34)	Sep (107)	Oct (67)	Nov (54)	Dec (20)
2017	Jan (99)	Feb (37)	Mar (86)	Apr (47)	May (57)	Jun (55)	Jul (34)	Aug (31)	Sep (16)	Oct (49)	Nov (53)	Dec (33)
2018	Jan (25)	Feb (11)	Mar (79)	Apr (77)	May (5)	Jun (19)	Jul (17)	Aug (7)	Sep (13)	Oct (22)	Nov (13)	Dec (68)
2019	Jan (44)	Feb (17)	Mar (40)	Apr (39)	May (18)	Jun (14)	Jul (20)	Aug (31)	Sep (11)	Oct (35)	Nov (3)	Dec (10)
2020	Jan (32)	Feb (16)	Mar (10)	Apr (22)	May (2)	Jun (34)	Jul (1)	Aug (8)	Sep (36)	Oct (16)	Nov (13)	Dec (10)
2021	Jan (16)	Feb (23)	Mar (45)	Apr (28)	May (6)	Jun (17)	Jul (8)	Aug (1)	Sep (2)	Oct (35)	Nov	Dec (5)
2022	Jan	Feb (17)	Mar (23)	Apr (23)	May (9)	Jun (8)	Jul	Aug	Sep (7)	Oct (5)	Nov (16)	Dec (4)
2023	Jan	Feb	Mar (3)	Apr	May (1)	Jun (4)	Jul (1)	Aug	Sep (2)	Oct (1)	Nov	Dec
2024	Jan (7)	Feb (13)	Mar (18)	Apr	May	Jun	Jul	Aug	Sep (2)	Oct (1)	Nov (5)	Dec (3)
2025	Jan	Feb	Mar	Apr (12)	May (12)	Jun (2)	Jul (3)	Aug	Sep	Oct	Nov	Dec

mod-security-users Mailing List for ModSecurity (Page 577)

mod-security-users — General discussion about mod_security