Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

A question about mod_security error

Status
Not open for further replies.
lcs01

lcs01

Programmer
Joined
Aug 2, 2006
Messages
182
Location
US
One of my complany's page has a form input. If a user enter some invalid string, there will be an error on the server side:

mod_security: Invalid Unicode encoding: invalid byte value

I tend to believe it is a configuration issue. But I don't know how to configure it. I don't even know where to start. Could someone lend me a hand?

Many thanks!
 
Sort by date Sort by votes
I found an answer on the web:


quot.
====
psyonic_blast <at> inbox.lv wrote:
> Hello mod-security-users,
>
> tell me please, how can i correct this error ?
> [error] [client 213.182.221.133] mod_security: Invalid Unicode encoding: invalid byte value

Add

SecFilterCheckUnicodeEncoding Off

to your web server configuration.
======
unquot
 
Upvote 0 Downvote
It works by adding "SecFilterCheckUnicodeEncoding Off".

Thank you all for reading this.
 
Upvote 0 Downvote
Yes but mod_security is checking for HTTP vulnerablites. I'd search arround and read up on mod_security before applying fixes that you may not understand the implications of. If you do understand what you are doing then never mind. [smile]

- Kevin, perl coder unexceptional!
 
Upvote 0 Downvote
Actually, I don't quite understand this issue. I would prefer to post a warning telling a user his/her input was invalid. However, it seems to me that web server does not know how to handle it, so that it simply post a 403 error.

Is there a way to configure the web server, so it can actually catch all the invalid error and post an informative warning?

Thanks.
 
Upvote 0 Downvote
Thank you, Kevin.

The site you recommended is quite helpful. There is an Appendix at the site called "Recommended Configuration". I copied a few lines here for someone who could be interested:

================


Appendix A: Recommended Configuration

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Dino_1000
  • Locked
  • Question Question
Use the perl debugger to dump all the data in a string variable
Replies
0
Views
670
Dino_1000
Dino_1000
dan
  • Locked
  • Question Question
add a variable to subject in formmail.pl
Replies
6
Views
833
feherke
feherke
Limbomusic
  • Locked
  • Question Question
Perl files getting accessed directly
Replies
0
Views
648
Limbomusic
Limbomusic
newbie1238585
  • Locked
  • Question Question
Perl how to read string in csv file * as wildcard operator
Replies
2
Views
831
mikrom
mikrom
ss_ham
  • Locked
  • Question Question
in Perl find call looking to exclude folder and ignore duplicate finds.
Replies
2
Views
729
ss_ham
ss_ham

Part and Inventory Search

Sponsor

Back
Top