[geeklog-devel] Blocking those inclusion attempts

Christian Weiske cweiske at cweiske.de
Sat Dec 15 09:43:38 EST 2007


> >HTTP v1.1 allows complete URIs to be specified in the request line.
> Just to throw some numbers into the discussion:
> In the last 9:30 hours, geeklog.net served more than 28000 requests.
> 10000 of those were inclusion attempts. 5 requests used a GET with a
> complete URI ...

Violating the specs is never a good idea. Especially if there is an
easy way to prevent this by using a "!http://geeklog.net" rewrite

Regards/Mit freundlichen Grüßen
Christian Weiske
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20071215/8e8e4cf4/attachment.sig>

More information about the geeklog-devel mailing list