Including URL in body trips Mod_Security "HTTP Request Smuggling Attack" rule #2738
Unanswered
craigkendall
asked this question in
Q&A
Replies: 1 comment 3 replies
-
The presence of a URL is not request smuggling (it's not even in an HTTP context), so it sounds like a badly formulated rule. |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am using PHPMailer on a private website requiring log in to access info/features. One feature available to the admins on the site is the ability to send email communications (using PHPMailer) to all or segments of the approved users.
When a URL is included (to the same website nonetheless) in the body of the message, it triggers a mod_security rule on the server and the message is blocked.
Can anyone suggest or think of a way to encode the url so it doesn't get flagged as an HTTP Request Smuggling Attack outside of disabling the rule in mod_security?
Beta Was this translation helpful? Give feedback.
All reactions