[geeklog-devel] Blocking those inclusion attempts
Christian Weiske
cweiske at cweiske.de
Sat Dec 15 09:43:38 EST 2007
Dirk,
> >HTTP v1.1 allows complete URIs to be specified in the request line.
> Just to throw some numbers into the discussion:
> In the last 9:30 hours, geeklog.net served more than 28000 requests.
> 10000 of those were inclusion attempts. 5 requests used a GET with a
> complete URI ...
Violating the specs is never a good idea. Especially if there is an
easy way to prevent this by using a "!http://geeklog.net" rewrite
condition.
--
Regards/Mit freundlichen Grüßen
Christian Weiske
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20071215/8e8e4cf4/attachment.sig>
More information about the geeklog-devel
mailing list