?
Solved

Special Characters in Form Fields blocked by SecureIIS

Posted on 2008-06-16
3
Medium Priority
?
261 Views
Last Modified: 2008-06-16
Our server uses SecureIIS for security, and it has a function where it screens all POST variables from forms for special characters.  I have several content management forms on my site that need to be able to accept en-dash and em-dash characters but SecureIIS kicks out an error whenever it receives one of these because it thinks it's malicious.  Does anyone know if there is a configuration setting in SecureIIS anywhere where I can specify "safe" characters?
0
Comment
Question by:lghaman123
  • 2
3 Comments
 
LVL 9

Accepted Solution

by:
Rurne earned 2000 total points
ID: 21796851
It sounds like SecureIIS is accepting only ASCII encoding.  Under the Shellcode option, you will see high-bit shellcode protection.  Anything outside of "standard" ASCII is considered high-bit (greater than €), so basically SecureIIS gives Unicode the hatchet job.  Em dash (—) and en dash (–) are covered under UTF-8, but not under ASCII.  SecureIIS readily acknowledges that this messes up multilingual sites, but this will also affect any file uploads/binary data submitted through a form.  You should disable all High Bit Shellcode options to restore functionality.
0
 

Author Comment

by:lghaman123
ID: 21797030
Thanks for your prompt response.  Not sure if my IT guys will let me do that but we'll see.

Thanks!
0
 
LVL 9

Expert Comment

by:Rurne
ID: 21797077
It's really pretty obnoxious.  It would be great if eEye would allow you to specify a particular character set and would provide proper escaping for, say, UTF-8.  However, there are several known exploits for Unicode, which is why Unicode gets blocked by default in SecureIIS.  Unfortunately, it's an either/or situation; if you want em and en dashes, you may be opening yourself to potential exploits.

HTH
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article discusses how to create an extensible mechanism for linked drop downs.
Laravel is the most sought after web development framework. It comes with ample amount of features that make it easy for developers to work around it. Know about its features in detail.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question