"Invalid UTF8 Encoding" entries appear in DPI events

Product / Version includes:

Deep Security20.0 , Deep Security11.0 , Deep Security10.2 , Deep Security As A ServiceAll , Deep Security10.1 , Deep Security10.0 , Deep Security10.3

Last updated: 2021/08/28

Solution ID: KA-0001207

Category: Configure

Summary

By default, Deep Security is configured for UTF-8 encoding in HTTP request. Deep Security expects extended ASCII characters, such as é, to be encoded by the user’s browser as "%C3%A9". However, some applications may use a different encoding type and encode é as "%82".

If your logs show 'Invalid UTF8 Encoding' events for what appear to be legitimate traffic, you may need to change your encoding type in Deep Security:

Open the properties of the Security Profile used by the host triggering the events (or Host properties, if your filters are assigned directly to the host).
Open the DPI Rules section of the profile.
Open the properties of the HTTP Protocol Decoder filter.
Go to the Configuration tab and then select the Latin-1 encoding option.
Click OK.

Once the agent receives the update, Deep Security will allow encoding of this type to pass through the application.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

"Invalid UTF8 Encoding" entries appear in DPI events

"Invalid UTF8 Encoding" entries appear in DPI events

Product / Version includes:

Summary