|
From: <ze...@vo...> - 2006-04-10 09:31:55
|
Hi Ivan,
Thanks for you answer.
I tried again to set the "SecFilterCheckURLEncoding" to "Off or On" but the=
error still occurs.
The Debug log (level 2) that be displayed is as follow:
Detection phase starting (request 366218): "GET /siteminderagent/pwcgi/smpw=
servicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/=
B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/J=
Fc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERN=
AME=3Dtest_YM00&SMAUTHREASON=3D20&SMAGENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%=
2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%=
2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=3DFR-FR HTTP/1.1"
[10/Apr/2006:10:58:20 +0200] [www.myserver.com/sid#115800][rid#366218][/sit=
eminderagent/pwcgi/smpwservicescgi.exe][1] Access denied with code 403. Err=
or normalising REQUEST_URI: Invalid character detected [0]
The modsec_log is as follow
=3D=3D0000763d=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Request: www.myserver.com 1.10.11.12 - - [10/Apr/2006:11:06:56 +0200] "GET =
/siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2}GuF=
cF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXRcvNG=
iN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1R=
yszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAGENTNAME=3D=
-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhz=
b&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3fSML=
OCALE=3DFR-FR HTTP/1.1" 403 2244 "https://www.myserver.com/siteminderagent/=
pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2}GuFcF7I/F5Sl03RqtNrP=
sMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryx=
lqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO=
0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAGENTNAME=3D-SM-fshUMrkQm%2fB=
7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=3D-SM-ht=
tps%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=3DFR-FR" "M=
ozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" - "-"
----------------------------------------
GET /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2=
}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXR=
cvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyW=
FW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAGENTNAM=
E=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn=
4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3=
fSMLOCALE=3DFR-FR HTTP/1.1
Accept: */*
Referer: https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe=
?SMENC=3DUTF-8&SMTOKEN=3D{RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrny=
C2MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31=
e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00=
&SMAUTHREASON=3D20&SMAGENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1=
l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserve=
r%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=3DFR-FR
Accept-Language: fr,en-gb;q=3D0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1=
.4322)
Host: www.myserver.com
Connection: Keep-Alive
SM_TRANSACTIONID: c2ce165c-0650-443a2030-000e-074810c5
SM_SDOMAIN: .myserver.com
Location: /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=
=3D{RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrow=
aa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO=
/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMA=
GENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720=
ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2=
ehtml%3
SM_REALM:
SM_REALMOID:
SM_AUTHTYPE: Not Protected
SM_USER:
SM_USERDN:
mod_security-message: Access denied with code 403. Error normalising REQUES=
T_URI: Invalid character detected [0]
mod_security-action: 403
It seems that the error is due to the invalid character "0" if i understand=
the log displayed. But why my URL works fine when i change "%3f" to "?" ?!
I continue my investigation, but if you can help me i will be happy...
Regards,
Christophe
> Message du 07/04/06 =C3=A0 18h41
> De : "Ivan Ristic" <iv...@we...>
> A : ze...@vo...
> Copie =C3=A0 : mod...@li...
> Objet : Re: [mod-security-users] Access denied with code 403. Error norma=
lising REQUEST_URI: Invalid URL encoding detected: not enough characters
>=20
> ze...@vo... wrote:
> > Hi,
> >=20
> > I face a big problem using Mod Security 1.9.2.
> >=20
> > My web server architecture uses Siteminder and i use this kind of URL t=
o
> > change or modify password:
> >=20
> > https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe
>=20
> The URL works fine work me.
>=20
> Are you sure you get the same result with "SecFilterCheckURLEncoding Of=
f"?
>=20
>=20
> > ModSecurity logs as following:
>=20
> Can you get me the audit log entry for this problem?
>=20
>=20
> > [06/Apr/2006:17:45:06 +0200]
> > [www.myserver.com/sid#115800][rid#32ef88][/siteminderagent/pwcgi/smpwse=
rvicescgi.
> > exe][1] Access denied with code 403. Error normalising REQUEST_URI:
> > Invalid URL encoding detected: not enough characters
>=20
> This message would typically appear when there's an % at the end
> of the URI but the two hexadecimal characters that need to follow it
> aren't.
>=20
> --=20
> Ivan Ristic, Technical Director
> Thinking Stone, http://www.thinkingstone.com
> ModSecurity: Open source Web Application Firewall
> Apache Security (O'Reilly): http://www.apachesecurity.net
>=20
>
|
|
From: Alex <al...@bs...> - 2006-04-10 10:02:50
|
Hi christophe
IMHO (but Ivan will confirm) mod_security seems to truncate your url (see
Location:
> /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2=
}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dt=
XRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ=
0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAG=
ENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv72=
0ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhom=
e%2ehtml%3
that is truncated before the end... (fSMLOCALE=3DFR-FR is missing) and ca=
use
the %3f not beeing accepted... Changing the %3f to ? make the query a
little bit shorter and is then accepted (but without taking care of the
LOCALE I think.
Cheers
Alex
On Lun 10 avril 2006 11:31, ze...@vo... a =E9crit :
> Hi Ivan,
>
> Thanks for you answer.
>
> I tried again to set the "SecFilterCheckURLEncoding" to "Off or On" but
> the error still occurs.
>
> The Debug log (level 2) that be displayed is as follow:
>
> Detection phase starting (request 366218): "GET
> /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2=
}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dt=
XRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ=
0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAG=
ENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv72=
0ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhom=
e%2ehtml%3fSMLOCALE=3DFR-FR
> HTTP/1.1"
> [10/Apr/2006:10:58:20 +0200]
> [www.myserver.com/sid#115800][rid#366218][/siteminderagent/pwcgi/smpwse=
rvicescgi.exe][1]
> Access denied with code 403. Error normalising REQUEST_URI: Invalid
> character detected [0]
>
>
> The modsec_log is as follow
>
> =3D=3D0000763d=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3DRequest: www.myserver.com
> 1.10.11.12 - - [10/Apr/2006:11:06:56 +0200] "GET
> /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2=
}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dt=
XRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ=
0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAG=
ENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv72=
0ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhom=
e%2ehtml%3fSMLOCALE=3DFR-FR
> HTTP/1.1" 403 2244
> "https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe?SME=
NC=3DUTF-8&SMTOKEN=3D{RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2=
MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31=
e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM=
00&SMAUTHREASON=3D20&SMAGENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXP=
ADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2em=
yserver%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=3DFR-FR"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"=
-
> "-"
> ----------------------------------------
> GET
> /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2=
}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dt=
XRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ=
0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAG=
ENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv72=
0ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhom=
e%2ehtml%3fSMLOCALE=3DFR-FR
> HTTP/1.1
> Accept: */*
> Referer:
> https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe?SMEN=
C=3DUTF-8&SMTOKEN=3D{RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2M=
PyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e=
00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM0=
0&SMAUTHREASON=3D20&SMAGENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPA=
DL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emy=
server%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=3DFR-FR
> Accept-Language: fr,en-gb;q=3D0.5
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
> 1.1.4322)
> Host: www.myserver.com
> Connection: Keep-Alive
> SM_TRANSACTIONID: c2ce165c-0650-443a2030-000e-074810c5
> SM_SDOMAIN: .myserver.com
> Location:
> /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=3DUTF-8&SMTOKEN=3D{RC2=
}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dt=
XRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ=
0vyWFW1RyszdoiTDAp8ZSwqgO0=3D&USERNAME=3Dtest_YM00&SMAUTHREASON=3D20&SMAG=
ENTNAME=3D-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv72=
0ACDphqn4Rhzb&TARGET=3D-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhom=
e%2ehtml%3
> SM_REALM:
> SM_REALMOID:
> SM_AUTHTYPE: Not Protected
> SM_USER:
> SM_USERDN:
> mod_security-message: Access denied with code 403. Error normalising
> REQUEST_URI: Invalid character detected [0]
> mod_security-action: 403
>
> It seems that the error is due to the invalid character "0" if i
> understand the log displayed. But why my URL works fine when i change
> "%3f" to "?" ?!
> I continue my investigation, but if you can help me i will be happy...
>
> Regards,
> Christophe
>
>
>> Message du 07/04/06 =C3=A0 18h41
>> De : "Ivan Ristic" <iv...@we...>
>> A : ze...@vo...
>> Copie =C3=A0 : mod...@li...
>> Objet : Re: [mod-security-users] Access denied with code 403. Error
>> normalising REQUEST_URI: Invalid URL encoding detected: not enough
>> characters
>>
>> ze...@vo... wrote:
>> > Hi,
>> >
>> > I face a big problem using Mod Security 1.9.2.
>> >
>> > My web server architecture uses Siteminder and i use this kind of UR=
L
>> to
>> > change or modify password:
>> >
>> > https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe
>>
>> The URL works fine work me.
>>
>> Are you sure you get the same result with "SecFilterCheckURLEncoding
>> Off"?
>>
>>
>> > ModSecurity logs as following:
>>
>> Can you get me the audit log entry for this problem?
>>
>>
>> > [06/Apr/2006:17:45:06 +0200]
>> > [www.myserver.com/sid#115800][rid#32ef88][/siteminderagent/pwcgi/smp=
wservicescgi.
>> > exe][1] Access denied with code 403. Error normalising REQUEST_URI:
>> > Invalid URL encoding detected: not enough characters
>>
>> This message would typically appear when there's an % at the end
>> of the URI but the two hexadecimal characters that need to follow it
>> aren't.
>>
>> --
>> Ivan Ristic, Technical Director
>> Thinking Stone, http://www.thinkingstone.com
>> ModSecurity: Open source Web Application Firewall
>> Apache Security (O'Reilly): http://www.apachesecurity.net
>>
>>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> language
> that extends applications into web and mobile media. Attend the live
> webcast
> and join the prime developer group breaking into this new coding
> territory!
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=110944&bid$1720&dat=12164=
2
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
|
|
From: Ivan R. <iv...@we...> - 2006-04-10 10:27:11
|
Alex wrote:
> Hi christophe
>
> IMHO (but Ivan will confirm) mod_security seems to truncate your url (see
> Location:
>> /siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=UTF-8&SMTOKEN={RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=&USERNAME=test_YM00&SMAUTHREASON=20&SMAGENTNAME=-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3
> that is truncated before the end... (fSMLOCALE=FR-FR is missing) and cause
> the %3f not beeing accepted... Changing the %3f to ? make the query a
> little bit shorter and is then accepted (but without taking care of the
> LOCALE I think.
Thanks for pointing out the content of the "Location" header. You are right
in that the content is truncated but it's not ModSecurity or Apache that's
doing it. It is received that way so it's probably the client that is sending
it. There appears to be a limit of 432 bytes (imposed by the client).
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
|
|
From: Tom A. <tan...@oa...> - 2006-04-10 15:14:28
|
Ivan Ristic wrote: > Thanks for pointing out the content of the "Location" header. You are right > in that the content is truncated but it's not ModSecurity or Apache that's > doing it. It is received that way so it's probably the client that is sending > it. There appears to be a limit of 432 bytes (imposed by the client). All browsers impose maximum URL length requirements. I believe Internet Explorer is 2048 characters. Apache can handle something like 8k by default before returning a 414, though that is adjustable at compile time I think. However, I recall that the rule of thumb is 255 characters max on a GET due to certain other clients and proxies. So try using a POST instead for anything over 255 characters. Tom |
|
From: Ivan R. <iv...@we...> - 2006-04-10 17:46:13
|
Ivan Ristic wrote: > > Thanks for pointing out the content of the "Location" header. You are right > in that the content is truncated but it's not ModSecurity or Apache that's > doing it. It is received that way so it's probably the client that is sending > it. There appears to be a limit of 432 bytes (imposed by the client). FYI, we've come to a conclusion that Siteminder, which works as an Apache module, does something to change the URI so that it is different from the URI received in the request. We've left it at that. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall Apache Security (O'Reilly): http://www.apachesecurity.net |
|
From: Ivan R. <iv...@we...> - 2006-04-10 10:42:23
|
ze...@vo... wrote: > Hi Ivan, > My web server architecture uses Siteminder Perhaps you could tell us more about your architecture? It would appear it's significant in this case. Is Siteminder based on Apache and you are using ModSecurity in it? Or do you have it configured to work as a proxy before or after Apache? I think the problem is in that something is truncating the URI. We just need to figure out what. > I tried again to set the "SecFilterCheckURLEncoding" to "Off or On" but the error still occurs. But it's a different error :) As a workaround extend the allowed byte range to allow the null byte: SecFilterForceByteRange 0 255 -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall Apache Security (O'Reilly): http://www.apachesecurity.net |
