Thanks Ryan. After adding t:utf8toUnicode,t:urlDecodeUni its working. -----Original Message----- From: Ryan Barnett [mailto:rbarn...@trustwave.com] Sent: Tuesday, April 01, 2014 7:09 PM To: Suraj Sharma; owasp-modsecurity-core-rule-set@lists.owasp.org Subject: Re: [Owasp-modsecurity-core-rule-set] Need Inputs for Validating Multilingual Charset
The two main configuration items you need to use are - SecUnicodeMapFile directives - https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecUnicodeM apFile. This will set your language code point for use by t:urlDecodeUni. Use t:utf8toUnicode,t:urlDecodeUni to map multi-byte characters into the proper Unicode points. See these references - http://blog.spiderlabs.com/2011/06/modsecurity-advanced-topic-of-the-week-u nicode-mapping-support.html http://blog.spiderlabs.com/2012/08/waf-normalization-and-i18n.html Ryan Barnett Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> On 4/1/14 9:07 AM, "Suraj Sharma" <sshar...@sapient.com> wrote: >Hi, >Need your help in creating rules for supporting multilingual character >set. Our current site is supported for English characters only , we would >like validate all the other language data as well but disallow characters >like ;"/< etc. Is it possible to build a generic rule to support all the >native language character set ? > >Thanks >~Suraj > >_______________________________________________ >Owasp-modsecurity-core-rule-set mailing list >Owasp-modsecurity-core-rule-set@lists.owasp.org >https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
