Thursday, January 12, 2006

Mod_security CheckURLEncoding - 100th post - Valentines day

I had a weird problem today. When attempting to add a resource using my toolbar to one of my projects, I noticed that I kept getting a 500 error. Upon investigation, I found that the error was due to mod_security installed recently. Further investigation revealed that the following configuration directive was causing issues.


SecFilterCheckURLEncoding On



My question now is, does anyone know about how I can cause the invalid URLEncoding to be dropped instead of completely denying the request with 500?



Note to self: Find out how one can check each variable submitted from within the PHP script for proper URL encoding.



This post also marks my 100th post on this blog :). Thank you to everyone who has taken the time to post legitimate comments on my blog.



Yesterday I contributed some resources on valentines day to OpenEncyclopaedia.com (OE). If you know of a good resource, please add it to OE.