Sorry for the noise, the customer blindly copypasted a “security rule from
the Internet” in his htaccess, and this was a rules to forbid foreign
characters…
You will laugh with me, he wrote that, then complained about the Forbidden
he got :
> # Rules to block foreign characters in URLs
> RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
> RewriteRule ^(.*)$ - [F]
This topic is solved.
2015-04-28 15:42 GMT+02:00 Thomas DEBESSE <
[email protected]>:
> Hi, sorry, I don't know why I got a false positive yesterday, but this is
> not related to SecFilter, the options change nothing and removing the whole
> mod_security module changes nothing, so it's not related to mod_security.
>
> So this is my problem:
>
> When a GET parameter use an urlencoded unicode character (like “%C3%A0”)
> Apache answers “403 Forbidden” without logging nothing.
> I just have to call something like that:
> http://domain/script.php?action=Mettre+%C3%A0+jour to get a 403 Forbidden
> answer.
>
> Do you know what is the cause of this problem?
>
> Thank you in advance
>
> --
> Thomas DEBESSE
>
--
Thomas DEBESSE
