[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Special Characters in Form Fields blocked by SecureIIS

Posted on 2008-06-16
3
Medium Priority
?
255 Views
Last Modified: 2008-06-16
Our server uses SecureIIS for security, and it has a function where it screens all POST variables from forms for special characters.  I have several content management forms on my site that need to be able to accept en-dash and em-dash characters but SecureIIS kicks out an error whenever it receives one of these because it thinks it's malicious.  Does anyone know if there is a configuration setting in SecureIIS anywhere where I can specify "safe" characters?
0
Comment
Question by:lghaman123
  • 2
3 Comments
 
LVL 9

Accepted Solution

by:
Rurne earned 2000 total points
ID: 21796851
It sounds like SecureIIS is accepting only ASCII encoding.  Under the Shellcode option, you will see high-bit shellcode protection.  Anything outside of "standard" ASCII is considered high-bit (greater than €), so basically SecureIIS gives Unicode the hatchet job.  Em dash (—) and en dash (–) are covered under UTF-8, but not under ASCII.  SecureIIS readily acknowledges that this messes up multilingual sites, but this will also affect any file uploads/binary data submitted through a form.  You should disable all High Bit Shellcode options to restore functionality.
0
 

Author Comment

by:lghaman123
ID: 21797030
Thanks for your prompt response.  Not sure if my IT guys will let me do that but we'll see.

Thanks!
0
 
LVL 9

Expert Comment

by:Rurne
ID: 21797077
It's really pretty obnoxious.  It would be great if eEye would allow you to specify a particular character set and would provide proper escaping for, say, UTF-8.  However, there are several known exploits for Unicode, which is why Unicode gets blocked by default in SecureIIS.  Unfortunately, it's an either/or situation; if you want em and en dashes, you may be opening yourself to potential exploits.

HTH
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month19 days, 7 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question