Ivan Ristic | 3 Jan 22:11

Re: Unicode problem.

Thierry Robitaille wrote:
> Hi,
> 
> I just enabled SecFilterCheckUnicodeEncoding and mod_sec (1.8.6) seems to 
> see invalid Unicode encoding in this referer:
> "http://search.ke.voila.fr/S/wanadoo?gb=site&dt=*&cid=wng&kw=diversit%E9%20culturel" 
> 
> but there is no Unicode in it, only URL-encoded characters.
> 
> Any idea?

   In short: if there's no Unicode there then Unicode encoding
   validation won't do any good for you. It will just produce false
   positives, such as the one you used as the example. Therefore you
   need to turn it off.

   ModSecurity can't tell (because HTTP does not support it) whether some
   incoming data is Unicode or not. Therefore it's on you to decide
   whether to enable the validation feature or not, using the knowledge
   of your application. If the Unicode encoding validation feature is
   enabled then all data must be a valid UTF-8 encoding. In your example,
   the %e9 character is treated as the first of a three-byte UTF-8
   encoded character. ModSecurity complains because the second and the
   third bytes are not valid.

-- 
Ivan Ristic (http://www.modsecurity.org)
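The rule described in the reply above, as an added Python sketch (not ModSecurity's code and not part of the original email): URL-decode the `kw` value from the Referer, then check the bytes as UTF-8 and report where validation fails. The function names and the UTF-8 variant of the value are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

def lead_info(lead):
    """(sequence length, smallest code point allowed) for a UTF-8 lead byte."""
    if lead < 0x80:
        return 1, 0x0
    if 0xC2 <= lead <= 0xDF:
        return 2, 0x80
    if 0xE0 <= lead <= 0xEF:        # 0xE9 falls here: a three-byte sequence
        return 3, 0x800
    if 0xF0 <= lead <= 0xF4:
        return 4, 0x10000
    return 0, 0                     # continuation byte or never-valid lead

def first_invalid_utf8(data):
    """Return None if data is valid UTF-8, else (offset, reason)."""
    i = 0
    while i < len(data):
        lead = data[i]
        length, minimum = lead_info(lead)
        if length == 0:
            return i, "0x%02X cannot start a sequence" % lead
        tail = data[i + 1:i + length]
        if len(tail) < length - 1:
            return i, "truncated %d-byte sequence" % length
        cp = lead if length == 1 else lead & (0xFF >> (length + 1))
        for b in tail:
            if b & 0xC0 != 0x80:    # continuation bytes must look like 10xxxxxx
                return i, ("lead 0x%02X needs %d continuation bytes, found 0x%02X"
                           % (lead, length - 1, b))
            cp = (cp << 6) | (b & 0x3F)
        if cp < minimum or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            return i, "overlong or out-of-range code point"
        i += length
    return None

def check_param(encoded_value):
    """URL-decode first, then validate the resulting bytes as UTF-8."""
    return first_invalid_utf8(unquote_to_bytes(encoded_value))

REFERER_KW = "diversit%E9%20culturel"      # kw value from the Referer in the thread
UTF8_KW = "diversit%C3%A9%20culturel"      # constructed: same text sent as UTF-8

if __name__ == "__main__":
    for value in (REFERER_KW, UTF8_KW):
        print(value, "->", check_param(value) or "valid UTF-8")
    # The original bytes are a single-byte encoding, not UTF-8:
    print(unquote_to_bytes(REFERER_KW).decode("latin-1"))
```

The first value fails at byte offset 8, where `0xE9` is followed by a space (`0x20`) instead of a continuation byte; the same text sent as UTF-8 passes.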
