Encoding periods (.) as . #1253
Comments
|
Noticed that my last post was auto corrected. The subject line is still correct. |
|
Strings where, what payloads? Post? |
|
This seems awefully lame, are they using a mod sec rule? Is this in any post or content with html and code |
|
It is a ModSecurity rule. I agree it is lame. I got their hosting to disable the rule and gave them some politely worded feedback. The problem is that when ModSecurity kicks in it gives you no clue what the problem is with the result that it makes the Web Application look bad. All I get is a "Oops! Page not found!" which is totally not helpful. They have disabled the rule so I can't do further testing. Namecheap is pretty large and other Hosts might try the same thing so I leave it as a suggestion so that you could get ahead of this. Thanks for being there and being responsive. |
|
Did you happen to get the rule id from your host error log |
|
The Rule Id is 210580. |
My host Namecheap is now rejecting strings like "web.config" in post requests. I suspect they are trying to avoid hacking attempts that go after specific system files. This makes it annoying to write documentation using GetSimple.
One suggestion I have is to encode the period as .
Thanks again for a great and simple CMS.
The text was updated successfully, but these errors were encountered: