On Thu, 26 Mar 2009, Christian Ridderström wrote:

Here's what I found in the error log:

[Thu Mar 26 00:18:34 2009] [error] [client 201.38.240.167] ModSecurity: Access denied with code 400 (phase 2). Pattern match "\\\\%(?!$|\\\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:text. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "wiki.lyx.org"]
[uri "/LyX/LyxFunctions?action=edit"] [unique_id "t-bZsNTJRSsAAFdQ568AAAAB"]

Further investigations indicate that the problem is that mod_security detects a '%' in one of the POSTed arguments, i.e. the argument that contains the wiki markup for the page.

This means that with the current configuration of ModSecurity, it will protest whenever you try to save a page containing a '%' in the markup. *sigh*

ModSecurity is presumably there for a reason.. so: Does anyone have any experience on how to deal with this kind of situation? Or simply ideas?

/Christian

--
Christian Ridderström                           Mobile: +46-70 687 39 44
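
Added example, not part of the original message: the pattern from the logged rule 950107, with the log's extra backslash escaping removed, run over a few constructed values for the POSTed `text` argument to show which uses of '%' it flags. The sample strings and function names are assumptions, and Python's `re` with `re.ASCII` stands in for the PCRE engine ModSecurity uses.

```python
import re

# Pattern from the logged rule 950107, un-escaped: a '%' that is NOT followed
# by end of input, a non-word character, two hex digits, or 'u' plus four
# hex digits. re.ASCII approximates byte-oriented PCRE matching.
RULE_950107 = re.compile(r"%(?!$|\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})", re.ASCII)


def offending_percents(text):
    """Return (offset, snippet) for each '%' the pattern would flag."""
    return [(m.start(), text[m.start():m.start() + 6])
            for m in RULE_950107.finditer(text)]


def would_block(text):
    """True if this value of ARGS:text would trigger the rule."""
    return RULE_950107.search(text) is not None


# Constructed sample values for the 'text' argument (not taken from the
# wiki page that appears in the log).
SAMPLES = {
    "plain prose": "LyX is about 100% free software.",
    "valid URL escape": "See Main%20Page for details",
    "valid %u escape": "Encoded A is %u0041",
    "wiki style markup": "%red% warning text %%",
    "printf format": "Use %s as the placeholder",
    "hex-looking markup": "%center% heading",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        verdict = "BLOCK" if would_block(value) else "pass"
        print(f"{verdict:5}  {label:20} {offending_percents(value)}")
```

A '%' followed by a space, punctuation or end of input passes, and so does markup whose first two letters happen to be hex digits; only a '%' directly followed by other word characters is flagged.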