[Modsecurity] Page blocked by miscoding in sugarcrm
Steve Cox
Steve.Cox at mergermarket.com
Wed Jun 21 06:27:08 EDT 2006
Hi,
I'm getting the following error in the apache error log:
[Wed Jun 21 11:11:47 2006] [error] [client ww.xx.yy.zz] mod_security:
Access denied with code 500. Error normalizing REQUEST_URI: Invalid URL
encoding detected: invalid characters used [hostname
"server.mysite.com"] [uri
"/sugarcrm/index.php?module=Contacts&action=index&query=true&advanced=tr
ue&button=Search&email=%&Contacts_CONTACT_offset=-100"]
The actual problem is with the php code in sugarcrm - generating the
segment "&email=%&" rather than "&email=%25&"
I'm looking to have that fixed, but in the meantime, can anybody let be
know the rule that would cause this so I can add a temporary entry to
exclude.conf for this URL
Thanks
Steve
More information about the Modsecurity
mailing list