Re: 403 Forbidden on unicode urlencoded GET parameters (SecFilter issue)
[
Date Prev
][
Date Next
][
Thread Prev
][
Thread Next
][
Date Index
][
Thread Index
]
To
:
users@xxxxxxxxxxxxxxxx
Subject
: Re: 403 Forbidden on unicode urlencoded GET parameters (SecFilter issue)
From
: Thomas DEBESSE <
thomas.debesse@xxxxxxxxxxxxxxxxxxxxxxxxx
>
Date
: Tue, 28 Apr 2015 15:42:23 +0200
In-reply-to
: <
CAGXJp73SmffHJyrU87Yd6mpfV6dytHmVmUYKQVLuOfBOVS5bDg@mail.gmail.com
>
Reply-to
:
users@xxxxxxxxxxxxxxxx
Hi, sorry, I don't know why I got a false positive yesterday, but this is not related to SecFilter, the options change nothing and removing the whole mod_security module changes nothing, so it's not related to mod_security.
So this is my problem:
When a GET parameter use an urlencoded unicode character (like “%C3%A0”) Apache answers “403 Forbidden” without logging nothing.
I just have to call something like that:
http://domain/script.php?action=""> to get a 403 Forbidden answer.
Do you know what is the cause of this problem?
Thank you in advance
--
Thomas DEBESSE
Follow-Ups
:
Re: 403 Forbidden on unicode urlencoded GET parameters (SecFilter issue)
From:
Thomas DEBESSE
References
:
403 Forbidden on unicode urlencoded GET parameters (SecFilter issue)
From:
Thomas DEBESSE
Prev by Date:
[mod_disk_cache ] Cache Sharing Over NFS issue
Next by Date:
Re: 403 Forbidden on unicode urlencoded GET parameters (SecFilter issue)
Previous by thread:
403 Forbidden on unicode urlencoded GET parameters (SecFilter issue)
Next by thread:
Re: 403 Forbidden on unicode urlencoded GET parameters (SecFilter issue)
Index(es):
Date
Thread
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
