Iman, can you please post an example of your request. Is it a GET or POST?
Please keep in mind that most characters must be URL-encoded. This is (character-)"encoding", while you seem to talk/wonder about character sets (iso-8859). This means that HTML-Entities (like ۨ) never appear in the request (except if there're some special settings for POST requests). -Achim Am 04.09.2012 11:28, schrieb Iman Vakili: > > > Sorry, my bad, the character is "ۨ" it uses ";" at the end of the > characters as a delimiter, and we all know how modsecurity treat with ";" > > ~IMAN > > ----- Forwarded Message ----- > From: Iman Vakili <ivak...@yahoo.com> > To: "owasp-modsecurity-core-rule-set@lists.owasp.org" > <owasp-modsecurity-core-rule-set@lists.owasp.org> > Sent: Tuesday, September 4, 2012 1:39 PM > Subject: [Owasp-modsecurity-core-rule-set] Fw: Encoding > > > > > I want to complete my question, when I send a character in iso-8859 , > something like "ۨ" will transfer and I don't know how to make > modsecurity to understand this (decode it), it seems that I have to change > iso-8859 to utf-8 maybe by t.urldecodeuni but I don't know how to transform > it, also I don't know what is the meaning of codes in the unicode.mapping > somethng like 01e5:67, anyone can explain their procedure? first I thought it > is mapping 01e5 to 67 but when I was testing it my hypothesis rejected, even > if it can map characters what should we do with "&#"? > > Sincerely yours > > ~IMAN > > > ----- Forwarded Message ----- > From: Iman Vakili <ivak...@yahoo.com> > To: "owasp-modsecurity-core-rule-set@lists.owasp.org" > <owasp-modsecurity-core-rule-set@lists.owasp.org> > Sent: Tuesday, September 4, 2012 8:36 AM > Subject: [Owasp-modsecurity-core-rule-set] Encoding > > > Hi friends, > > I have set parameter matching in UTF8 encoding on modsecurity, but there is a > web application which using iso-8859-1 for its encoding, and the thing is > modsecurity will detect every parameter encoded in iso-8859-1 in the post and > get parameters as an attack, that is natural behavior but I wonder how we can > support other encoding such as iso-8859-1, also there are some functions > which I think are ambiguous, like t:urlDecodeUni, I couldn't detect any > transformation by this function, also SecUnicodeCodePage and > SecUnicodeMapFile, the thing is it is not clear what exactly mapping do, > I will be so thankful if you can guide me, do you think I have to change in > the developing level to support other encodings? > > Thanks a lot, > All the best > > ~Iman > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
