> >I know body checks are to be avoided, but sometimes stuff just gets > >through everything else. > > > >One thing I have seen a lot of is URLs using the replacement characters. > >For example, %20 is a space. Only these use TONS of them. > > have you looked at the body_checks at securitysage? they have quite a few > that seem to be like what you are trying to do
Last time I looked at theirs, it was a rather large body checks file, which I am trying to avoid. But perhaps I can pull out some useful parts. Also, I might try fiddling with the if statements in body checks to allow more to be used without as high an overhead. --Eric
