[geeklog-devel] Blocking those inclusion attempts
cweiske at cweiske.de
Sat Dec 15 09:43:38 EST 2007
> >HTTP v1.1 allows complete URIs to be specified in the request line.
> Just to throw some numbers into the discussion:
> In the last 9:30 hours, geeklog.net served more than 28000 requests.
> 10000 of those were inclusion attempts. 5 requests used a GET with a
> complete URI ...
Violating the specs is never a good idea. Especially if there is an
easy way to prevent this by using a "!http://geeklog.net" rewrite
Regards/Mit freundlichen Grüßen
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: not available
Url : <http://eight.pairlist.net/pipermail/geeklog-devel/attachments/20071215/8e8e4cf4/attachment.pgp>
More information about the geeklog-devel