I'm testing a web application firewall and it's blocking many of my pages.
Those pages are blocked by a rules that check metacharacters in variables. In the specifical case it's blocking "%0D" (the urlencoded of newline I think).
I noticed that phpBB uses two different ways to post forms:
The block only happens when using "x-www-form-urlencoded".
I'm about to choose if use multipart/form-data in every form or to disable metacharacters check on Web Application firewall.
Any suggestion? Thank you