While trying to edit a topic in a web that I had copied over from another site, I got referred to http://www2.ktmshul.org/bin/oops/Ktm/WebPreferences?template=oopsattention;def=save_error;param1=RCS:%20/usr/bin/rcs%20%20-l%20%FILENAME%7cF%%20failed:%20 this "oops" URL.

However, the server processing this URL (Apache/2.2.0 with mod_security enabled) gave me a "406 Not Acceptable" error.

It appears that some of the % signs in that URL are being used in a way that mod_security's http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/03-configuration.html#N102D3 URL encoding validation system doesn't like.

(The underlying RCS error is, I assume, my fault and not TWiki's.)

Interesting; it would appear that CGI.pm's urlencoding isn't playing ball with mod_security.

This needs to be passed on to CGI and/or mod_security. It's not a TWiki problem, per se, as the URL encoding is correct. CC

ItemTemplate edit

Summary an "oops" URL is generated that mod_security rejects
ReportedBy TWiki:Main.SethGordon
Codebase
SVN Range Fri, 31 Mar 2006 build 9626
AppliesTo NotTWiki
Component mod_security
Priority Normal
CurrentState Confirmed
WaitingFor Someone to fix it
Checkins
TargetRelease n/a
ReleasedIn
Topic revision: r5 - 25 May 2007, CrawfordCurrie
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy