On Thu, Jun 26, 2014 at 3:19 PM, Ilyass Kaouam <ilyassi...@gmail.com> wrote:

> Hi guys.
>
> I don't understand why ModSecurity is blocking my request with the character
> "à" in French.
> log:
>

Hi Ilyass,

Take a look at the SecUnicodeCodePage and SecUnicodeMapFile directives. For
more information see:

http://blog.spiderlabs.com/2012/08/waf-normalization-and-i18n.html

--
 - Josh





>
> --169a1612-A--
> [26/Jun/2014:11:48:57 +0200] U6vsiX8AAAEAAEkNI7cAAAAQ
>
> --169a1612-B--
> POST /beta/societe-xxxxxr HTTP/1.1
> Host: www.xxxx.xx
> User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
> Accept: */*
> Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip, deflate
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> X-Requested-With: XMLHttpRequest
> Referer: http://www.xxx.xxx/beta/societe-xxxx
> Content-Length: 760
> Cookie: JSESSIONID=DC9410B3998A7E973EDBA0ED638F5B40; __utma=111125463.1374472637.1403014671.1403719512.1403772965.34; __utmz=111125463.1403435014.17.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=111125463.24.10.1403772965; __utmc=111125463; JSESSIONID=EB7E51CFBA0B811E9335731DA6A26A08
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
>
> --169a1612-C--
> codeAction=1&entid=367928&bilid=321761&idMkt=672&denomination=&capital=10+000+&activite=PRODUCTION+DES+FILMS+CINEMATOGRAPHIQUES+ET+AUDIOVISEUL&effectif=0&effectifCadre=0&segmentEffectif=1&dateContribution=17%2F08%2F13+%C3%A0+15%3A41&loginUser=nabilchant%40hotmail.fr&emailUser=nabilchant%40hotmail.fr&id=672&denomination_validator=&rc_validator=&tribunal_validator=&fmj_validator=&capital_validator=&adresse_validator=&ville_validator=&activite_validator=&effectif_validator=&segmentEffectif_validator=&effectifCadre_validator=&telfaxmailweb_734=on&telfaxmailweb_734_validator=1&data_734=0610357910&type_734=1&idMktTelfaxmailweb_734=0&telfaxmailweb_735=on&telfaxmailweb_735_validator=1&data_735=0633327850&type_735=1&idMktTelfaxmailweb_735=0&statut=1&remarque=
>
> --169a1612-F--
> HTTP/1.1 403 Forbidden
> Content-Length: 245
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> --169a1612-E--
>
> --169a1612-H--
> Message: Access denied with code 403 (phase 2). Pattern match "\\W{4,}" at ARGS:dateContribution. [file "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \xc3\xa0 found within ARGS:dateContribution: 17/08/13 \xc3\xa0 15:41"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"]
> Action: Intercepted (phase 2)
> Apache-Handler: proxy-server
> Stopwatch: 1403776137380257 11043 (- - -)
> Stopwatch2: 1403776137380257 11043; combined=642, p1=224, p2=399, p3=0, p4=0, p5=19, sr=37, sw=0, l=0, gc=0
> Response-Body-Transformed: Dechunked
> Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
> Server: Apache
> Engine-Mode: "ENABLED"
>
> --169a1612-Z--
>
> How can I allow these types of characters?
> Thank you.
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>
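
The false positive in the log above, reproduced as an added example (not part of the original thread): the pattern \W{4,} from rule 960024, applied byte-wise, sees " à " as four non-word bytes (space, 0xC3, 0xA0, space), while the same pattern over decoded text does not match. Python's re module stands in for the rule engine's regex here (an assumption), the function names are hypothetical, and the remarque value is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# capital and dateContribution are copied from section C of the audit log;
# the remarque value is constructed to show a run that matches either way.
SAMPLE_BODY = ("capital=10+000+"
               "&dateContribution=17%2F08%2F13+%C3%A0+15%3A41"
               "&remarque=%21%21%21%21")

BYTE_RULE = re.compile(rb"\W{4,}")  # byte-wise: every byte >= 0x80 is a non-word byte
TEXT_RULE = re.compile(r"\W{4,}")   # Unicode-aware: accented letters are word characters


def decode_form(body):
    """Split an x-www-form-urlencoded body into (name, raw value bytes) pairs."""
    pairs = []
    for field in body.split("&"):
        name, _, value = field.partition("=")
        raw_name = unquote_to_bytes(name.replace("+", " "))
        raw_value = unquote_to_bytes(value.replace("+", " "))
        pairs.append((raw_name.decode("utf-8", "replace"), raw_value))
    return pairs


def triage(body):
    """List parameters where the byte-wise pattern fires and whether the
    match survives once the value is decoded as UTF-8 text."""
    findings = []
    for name, raw in decode_form(body):
        hit = BYTE_RULE.search(raw)
        if hit is None:
            continue
        try:
            text_hit = TEXT_RULE.search(raw.decode("utf-8")) is not None
        except UnicodeDecodeError:
            text_hit = True  # invalid UTF-8 stays flagged
        findings.append({"param": name,
                         "matched_bytes": hit.group(0),
                         "still_matches_as_text": text_hit})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_BODY):
        print(finding)
```

A parameter reported with still_matches_as_text set to False is a candidate encoding false positive like the one in this thread; one reported with True contains a genuine run of four or more non-word characters.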