Thread: [mod-security-users] Encoding-Problems
From: Harald V. <har...@un...> - 2006-02-02 19:59:44

Hi

I am using the last version (1.9.2) and have problems with the German
"umlaut" and other special characters in URL and other header parts.

To fix this I added

SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On
SecFilterForceByteRange 1 255

but this does not help, as shown below.

Any hints?

Regards
Harald

URL-Problem 1 (umlaut ö in URL)

Request: ourserver requestor - - [02/Feb/2006:13:48:55 +0100] "GET /pictures/m%F6nche.jpg HTTP/1.1" 302 230 "http://ourserver/photoarch.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)" - "-"
Handler: proxy-server
----------------------------------------
GET /pictures/m%F6nche.jpg HTTP/1.1
mod_security-message: Access denied with code 400. Error normalising REQUEST_URI: Invalid Unicode encoding: invalid byte value
mod_security-action: 400
Content-Type: text/html; charset=iso-8859-1

URL-Problem 2 (umlaut ä in URL, Spaces)
----------------------------------------
GET /kurse/FMPro?-db=urzkurse&-lay=kurseweb&-format=Such_ErgebnisseT.htm&-error=Suchen_Fehler.htm&-sortfield=Datum&Themengebiet=Interdisziplin%e4res%20Lernen&F_Abgelaufen=0&Gesperrt=offen&-token=Interdisziplin%e4res%20Lernen&-find HTTP/1.1
mod_security-message: Access denied with code 400. Error normalising REQUEST_URI: Invalid Unicode encoding: invalid byte value
Content-Type: text/html; charset=iso-8859-1

Header-Problem1: (umlaut ü in Useragent)

Request: ourserver requestor - - [02/Feb/2006:11:34:10 +0100] "GET /some.pdf HTTP/1.0" 302 230 "http://www.google.de/search?hl=de&q=Zyklisch+Phosphorylierung&spell=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Schiller-Gymnasium Sch\xfcler; Schiller- Gymnasium Lehrer; .NET CLR 1.0.3705)" - "-"
Handler: proxy-server
----------------------------------------
GET /some.pdf HTTP/1.0
Via: 1.0 S4
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Schiller-Gymnasium Schüler; Schiller- Gymnasium Lehrer; .NET CLR 1.0.3705)
Host: ourserver
mod_security-message: Access denied with code 400. Error validating header value (User-Agent): Invalid Unicode encoding: invalid byte value
Content-Type: text/html; charset=iso-8859-1

Header Problem 2: strange Agent coming from Japanese site....

Request: ourserver requestor - - [01/Feb/2006:11:18:10 +0100] "GET /favicon.ico HTTP/1.0" 302 230 "-" "\xf0\x05\xe1\x07X9\xb5\x05\x08" - "-"
User-Agent: ð^Eá^GX9µ^
mod_security-message: Access denied with code 400. Error validating header value (User-Agent): Invalid character detected [5]

From: Ivan R. <iv...@we...> - 2006-02-02 20:42:26

Harald Volz wrote:
> Hi
> I am using the last version (1.9.2) and have problems with the German
> "umlaut" and other special characters in URL and other header parts.

> SecFilterCheckUnicodeEncoding On

SecFilterCheckUnicodeEncoding should be "off" in your case.

> Header Problem 2: strange Agent coming from Japanese site....
> Request: ourserver requestor - - [01/Feb/2006:11:18:10 +0100] "GET
> /favicon.ico HTTP/1.0" 302 230 "-" "\xf0\x05\xe1\x07X9\xb
> 5\x05\x08" - "-"
> User-Agent: ð^Eá^GX9µ^
> mod_security-message: Access denied with code 400. Error validating
> header value (User-Agent): Invalid character detected [5]

This message is not consistent with "SecFilterForceByteRange 1 255",
i.e. should not happen. Did you use a different configuration when
you got that error?

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com

From: Harald V. <har...@un...> - 2006-02-06 11:36:18

Hi,

I still have problems with special characters:

Request: ourserver requesting_ip - - [05/Feb/2006:04:39:54 +0100] "GET /kurse/FMPro?-db=urzkurse&-lay=kurseweb&-format=Such_ErgebnisseT.htm&-error=Suchen_Fehler.htm&-sortfield=Datum&Themengebiet=Ver%e4nderungsmanagement%20und%20Teamentwicklung&F_Abgelaufen=0&Gesperrt=offen&-token=Ver%e4nderungsmanagement%2 HTTP/1.0" 302 230 "-" "search.ch V1.4.2 (spi...@se...; http://www.search.ch)" - "-"
Handler: proxy-server
----------------------------------------
GET /kurse/FMPro?-db=urzkurse&-lay=kurseweb&-format=Such_ErgebnisseT.htm&-error=Suchen_Fehler.htm&-sortfield=Datum&Themengebiet=Ver%e4nderungsmanagement%20und%20Teamentwicklung&F_Abgelaufen=0&Gesperrt=offen&-token=Ver%e4nderungsmanagement%2 HTTP/1.0
Accept: text/html, text/plain,*
Accept-Language: de,fr,it,en,*
mod_security-message: Access denied with code 400. Error normalising REQUEST_URI: Invalid URL encoding detected: not enough characters

httpd.conf settings for this virtual host:

SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 1 255

Any help?

Kind regards,
Harald

At 21:42 02.02.2006, Ivan Ristic wrote:
>Harald Volz wrote:
> > Hi
> > I am using the last version (1.9.2) and have problems with the German
> > "umlaut" and other special characters in URL and other header parts.
> >
> > SecFilterCheckUnicodeEncoding On
>
> SecFilterCheckUnicodeEncoding should be "off" in your case.
>
> > Header Problem 2: strange Agent coming from Japanese site....
> > Request: ourserver requestor - - [01/Feb/2006:11:18:10 +0100] "GET
> > /favicon.ico HTTP/1.0" 302 230 "-" "\xf0\x05\xe1\x07X9\xb
> > 5\x05\x08" - "-"
> > User-Agent: ð^Eá^GX9µ^
> > mod_security-message: Access denied with code 400. Error validating
> > header value (User-Agent): Invalid character detected [5]
>
> This message is not consistent with "SecFilterForceByteRange 1 255",
> i.e. should not happen. Did you use a different configuration when
> you got that error?
>
>--
>Ivan Ristic, Technical Director
>Thinking Stone, http://www.thinkingstone.com

------------------------------------------------------------------------
Harald Volz har...@un...
Universitaetsrechenzentrum Tel: (++41) (0) 61 267 22 67
Universitaet Basel Fax: (++41) (0) 61 267 22 82
Klingelbergstr. 70
CH-4056 Basel
------------------------------------------------------------------------

From: Ivan R. <iv...@we...> - 2006-02-06 11:41:44
Harald Volz wrote:
> Hi,
> I have still problems with special characters:
>
> ...
>
>
> gsmanagement%20und%20Teamentwicklung&F_Abgelaufen=0
> &Gesperrt=offen&-token=Ver%e4nderungsmanagement%2
There's an invalid bit in the above URL.. here ^^
It's missing the second character. You can allow the requests
with invalid URL encoding through by changing:
SecFilterCheckURLEncoding On
to
SecFilterCheckURLEncoding Off
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
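
The two rejections discussed in this thread, modelled as an added Python example (not part of the original messages and not ModSecurity's own code). The function names, the order of the checks and the returned strings are assumptions for illustration, and UTF-8 decoding stands in for the Unicode check; the inputs are copied from the log excerpts above.

```python
import re

# Request targets and header bytes copied from the log excerpts in this thread.
UMLAUT_PATH = "/pictures/m%F6nche.jpg"
TRUNCATED = "/kurse/FMPro?-token=Ver%e4nderungsmanagement%2"
STRANGE_AGENT = b"\xf0\x05\xe1\x07X9\xb5\x05\x08"

def url_encoding_error(uri):
    """Return a reason if any '%' is not followed by two hex digits."""
    for m in re.finditer(r"%(.{0,2})", uri):
        pair = m.group(1)
        if len(pair) < 2:
            return "not enough characters"
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
            return "non-hex characters"
    return None

def percent_decode(uri):
    """Turn %XX into raw bytes; a malformed '%' is left in place literally."""
    return re.sub(rb"%([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  uri.encode("latin-1"))

def unicode_encoding_error(raw):
    """Return a reason if the decoded bytes are not well-formed UTF-8."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return "invalid byte value"
    return None

def first_byte_out_of_range(raw, low, high):
    """Return the first byte outside [low, high], or None if all fit."""
    return next((b for b in raw if not low <= b <= high), None)

def inspect(uri, check_url=True, check_unicode=True, byte_range=(1, 255)):
    """Apply the three checks in turn; return the first failure or 'pass'."""
    if check_url and (err := url_encoding_error(uri)):
        return "URL encoding: " + err
    raw = percent_decode(uri)
    if (bad := first_byte_out_of_range(raw, *byte_range)) is not None:
        return f"byte range: [{bad}]"
    if check_unicode and (err := unicode_encoding_error(raw)):
        return "Unicode encoding: " + err
    return "pass"

if __name__ == "__main__":
    print(inspect(UMLAUT_PATH))                       # Latin-1 byte 0xF6 is not UTF-8
    print(inspect(UMLAUT_PATH, check_unicode=False))  # accepted as a plain byte
    print(inspect(TRUNCATED, check_unicode=False))    # trailing "%2" is incomplete
    print(first_byte_out_of_range(STRANGE_AGENT, 1, 255))  # no byte is outside 1..255
```

With the URL-encoding check disabled in this model, the truncated `%2` reaches the backend as a literal, which is what switching that check off trades for compatibility.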