From: Ivan Ristic <ivan.ristic@gm...> - 2006-05-02 09:26:26
On 5/2/06, Uve Lokk <Uve.Lokk@...> wrote:
> Hi all,
> Am I correct that using mod_security one can't reject 'POST //script.php?=
blaah' and pass 'POST /script.php?blaah' at the same time?
Not right now, with 1.9.x, because this version performs implicit
normalisation that results in two slashes being combined into one. But
2.x, which is around the corner (next week), can be configured not to
transform the input data and makes it possible to detect the case you
are asking about.
Why do you need this BTW?
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall