Re: [Owasp-modsecurity-core-rule-set] JSON issues on mod_security

Mon, 19 May 2014 12:59:20 -0700 

This might help as well.

http://blog.spiderlabs.com/2014/05/modsecurity-advanced-topic-of-the-week-json-support.html


On Mon, May 19, 2014 at 3:09 PM, Neeraj.Chaudhary <nee...@rockonllc.com>wrote:

> Hi,
>
> It's been few days trying to figure out what is going wrong and where, but
> now I am stumped and need help from you guys.
>
> I am using mod_security on ISS version 8.0.9200.16384.
> The same code works fine without mod_security but as soon as I enable
> mod_security I get the below mentioned response.
> Which shows that the parameter userName is not proper. I debugged and
> looked
> into all possible concerns but unable to find an error. I am using jQuery
> AJAX
>
> {"Message":"Invalid web service call, missing value for parameter:
> \u0027userName\u0027.","StackTrace":"   at
> System.Web.Script.Services.WebServiceMethodData.CallMethod(Object target,
> IDictionary`2 parameters)\r\n   at
> System.Web.Script.Services.RestHandler.InvokeMethod(HttpContext context,
> WebServiceMethodData methodData, IDictionary`2 rawParams)\r\n   at
> System.Web.Script.Services.RestHandler.ExecuteWebServiceCall(HttpContext
> context, WebServiceMethodData
> methodData)","ExceptionType":"System.InvalidOperationException"}
>
> Request Body : {"userName": "neeraj.chaudhary", "password": "Abcd123"}
> Aspx webmethod signature is
>                 [WebMethod]
>                 public static string Login(string userName, string
> password)
>
> I shall be delighted if someone can point out what can be done in this
> case.
> Maybe change in rule or anything which can help me pass through this
> scenario.
>
> Regards,
> Neeraj Chaudhary
> +1 925 359 9074
>
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>



-- 
Joshua Roback

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to