You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Apache Apache <ap...@hotmail.com> on 2005/07/13 05:06:16 UTC
[users@httpd] Apache 2.0.50
By default, will any of the core modules in Apache 2.0.50 showed the the
error "Due to the presence of characters known to be used in cross site
scripting attacks, access is forbidden. This web site does not allow Urls
which might include embedded HTML tags"???
If yes, what are these modules and can they be turned off???
_________________________________________________________________
Keep track of Singapore & Malaysia stock prices.
http://www.msn.com.sg/money/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.0.50
Posted by "Ivan Barrera A." <Br...@Ivn.cl>.
Raman Raheja wrote:
> I searched for patterns in apache's code and did not find matches to the
> error you have pointed out, confirming my thought that it does not seem
> like an apache error. What are you exactly doing? Where do you have the
> apache running and how are you accessing it? Do you have any custom
> modules being loaded that could cause this?
> One the second note, if this error is valid (true), why would you want
> to turn off reporting of this error (wherever it is coming from) rather
> than fixing your code and getting a clean output (no security issues).
> - Aman Raheja
> http://www.techquotes.com
>
Take a look for mod_security. That might be the one
> Apache Apache wrote:
>
>> By default, will any of the core modules in Apache 2.0.50 showed the
>> the error "Due to the presence of characters known to be used in cross
>> site scripting attacks, access is forbidden. This web site does not
>> allow Urls which might include embedded HTML tags"???
>>
>> If yes, what are these modules and can they be turned off???
>>
>> _________________________________________________________________
>> Keep track of Singapore & Malaysia stock prices.
>> http://www.msn.com.sg/money/
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.0.50
Posted by Aman Raheja <ar...@techquotes.com>.
I searched for patterns in apache's code and did not find matches to the
error you have pointed out, confirming my thought that it does not seem
like an apache error. What are you exactly doing? Where do you have the
apache running and how are you accessing it? Do you have any custom
modules being loaded that could cause this?
One the second note, if this error is valid (true), why would you want
to turn off reporting of this error (wherever it is coming from) rather
than fixing your code and getting a clean output (no security issues).
- Aman Raheja
http://www.techquotes.com
Apache Apache wrote:
> By default, will any of the core modules in Apache 2.0.50 showed the
> the error "Due to the presence of characters known to be used in cross
> site scripting attacks, access is forbidden. This web site does not
> allow Urls which might include embedded HTML tags"???
>
> If yes, what are these modules and can they be turned off???
>
> _________________________________________________________________
> Keep track of Singapore & Malaysia stock prices.
> http://www.msn.com.sg/money/
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org