mod-security-users

[mod-security-users] Questions about SecFilterCheckURLEncoding

[mutombo <mut...@gm...>]

hi .

if noticed that some of my sites uses special chars like =E4,=F6,=FC.
and i heard that this will be soon allowed in domainnames too.
is it possible to add some special chars to SecFilterCheckURLEncoding?
would be great.

greetings

christian

Re: [mod-security-users] Questions about SecFilterCheckURLEncoding

[Ivan R. <iv...@we...>]

> if noticed that some of my sites uses special chars like ä,ö,ü.
> and i heard that this will be soon allowed in domainnames too.
> is it possible to add some special chars to SecFilterCheckURLEncoding?
> would be great.

   SecFilterCheckURLEncoding will never create you problems with
   special characters. It only verifies that all URL encoded characters
   are valid (they must contain two HEX digits after the % character).

   SecFilterForceByteRange START END

   can create problem in these cases. One possible enhancement is
   to allow byte ranges, such as:

   SecFilterForceByteRange "32-126,138,140,200-215"

   Is this what you had in mind?

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]