内容编码设置为UTF-8无效吗？ [英] Is content-encoding being set to UTF-8 invalid?

问题描述

您好我有一个客户端尝试使用以下http标头发送给我们：

Hi I have a client that is trying to POST to us with the following http headers:

content-type: application/x-www-form-urlencoded
content-encoding: UTF-8

但是我们的Web应用程序防火墙不断提取它们并抛出错误：

But our web application firewall keeps picking them up and throwing error:

消息：[file/etc/httpd/modsecurity.d/10_asl_rules.conf ] [line45] [id340362] [msgAtomicorp.com WAF规则：ModSecurity不支持内容编码，无法检测使用它的攻击，因此必须阻止它。] [严重性警告 ]使用代码501拒绝访问（阶段2）。需要匹配rx ^ Identity $与REQUEST_HEADERS：Content-Encoding。
行动：截获（第2阶段）

Message: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "45"] [id "340362"] [msg "Atomicorp.com WAF Rules: ModSecurity does not support content encodings and can not detect attacks using it, therefore it must be blocked."] [severity "WARNING"] Access denied with code 501 (phase 2). Match of "rx ^Identity$" against "REQUEST_HEADERS:Content-Encoding" required. Action: Intercepted (phase 2)

有人想对这件事情有所了解吗？

Anyone would like to shed some light into this matter?

推荐答案

无效。 content-encoding 指定内容发布者使用的数据传输编码。 UTF-8不是内容编码，它是一个字符集。指定字符集在 content-type 标题中完成：

It is invalid. The content-encoding specifies the data transfer encoding used by the issuer of the content. UTF-8 is not a content encoding, it is a character set. Specifying the character set is done in the content-type header:

content-type: text/plain; charset=utf-8

有效的内容编码值例如是 gzip ， deflate 。 HTTP 客户端应使用 accept-encoding 标头指定它支持的内容编码; HTTP 服务器将使用内容编码标头进行回复。

Valid content-encoding values are, for instance, gzip, deflate. An HTTP client should specify what content encoding it supports with the accept-encoding header; the HTTP server will reply with a content-encoding header.

这篇关于内容编码设置为UTF-8无效吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！