将内容编码设置为 UTF-8 是否无效? [英] Is content-encoding being set to UTF-8 invalid?
问题描述
您好,我有一个客户端正在尝试使用以下 http 标头向我们发送邮件:
Hi I have a client that is trying to POST to us with the following http headers:
content-type: application/x-www-form-urlencoded
content-encoding: UTF-8
但是我们的 Web 应用程序防火墙不断接收它们并抛出错误:
But our web application firewall keeps picking them up and throwing error:
消息:[file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "45"] [id "340362"] [msg "Atomicorp.com WAF 规则:ModSecurity 不支持内容编码和无法检测到使用它的攻击,因此必须阻止它."] [严重性警告"] 访问被拒绝,代码为 501(第 2 阶段).需要匹配rx ^Identity$"与REQUEST_HEADERS:Content-Encoding".行动:拦截(第2阶段)
Message: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "45"] [id "340362"] [msg "Atomicorp.com WAF Rules: ModSecurity does not support content encodings and can not detect attacks using it, therefore it must be blocked."] [severity "WARNING"] Access denied with code 501 (phase 2). Match of "rx ^Identity$" against "REQUEST_HEADERS:Content-Encoding" required. Action: Intercepted (phase 2)
有人想了解一下这件事吗?
Anyone would like to shed some light into this matter?
推荐答案
无效.content-encoding
指定内容发布者使用的数据传输编码.UTF-8 不是内容编码,而是字符集.在 content-type
标头中指定字符集:
It is invalid. The content-encoding
specifies the data transfer encoding used by the issuer of the content. UTF-8 is not a content encoding, it is a character set. Specifying the character set is done in the content-type
header:
content-type: text/plain; charset=utf-8
有效的内容编码值是,例如,gzip
、deflate
.HTTP client 应该使用 accept-encoding
标头指定它支持的内容编码;HTTP 服务器将回复一个content-encoding
标头.
Valid content-encoding values are, for instance, gzip
, deflate
. An HTTP client should specify what content encoding it supports with the accept-encoding
header; the HTTP server will reply with a content-encoding
header.
这篇关于将内容编码设置为 UTF-8 是否无效?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!