Thursday, January 12, 2006

Mod_security CheckURLEncoding - 100th post - Valentines day

I had a weird problem today. When attempting to add a resource using my toolbar to one of my projects, I noticed that I kept getting a 500 error. Upon investigation, I found that the error was due to mod_security installed recently. Further investigation revealed that the following configuration directive was causing issues.

SecFilterCheckURLEncoding On

My question now is, does anyone know about how I can cause the invalid URLEncoding to be dropped instead of completely denying the request with 500?

Note to self: Find out how one can check each variable submitted from within the PHP script for proper URL encoding.

This post also marks my 100th post on this blog :). Thank you to everyone who has taken the time to post legitimate comments on my blog.

Yesterday I contributed some resources on valentines day to (OE). If you know of a good resource, please add it to OE.