[CentOS] [OT] Apache oddity - appending garbage request does not result in a 404
Keith Roberts
keith at karsites.net
Tue Jul 19 21:33:23 UTC 2011
On Tue, 19 Jul 2011, John R Pierce wrote:
> To: centos at centos.org
> From: John R Pierce <pierce at hogranch.com>
> Subject: Re: [CentOS] [OT] Apache oddity - appending garbage request does not
> result in a 404
>
> On 07/19/11 1:28 PM, Ray Leventhal wrote:
>> Example:http://www.domain.com/pagedoesnotexist returns the expected 404
>>
>> But browse to a page that does exist, like goodpage.php, then append
>> either a slash and some random string, or a ?=somerandomstring and the
>> goodpage.php is still displayed.
>>
>> I'll gladly provide more info, if needed. Any pointers on where to look
>> would be truly appreciated.
>
> your php page should examine the arguments and if there's anythign there
> unexpected, it should force the 404 via
>
> {
> header ('Location: '.$newReq);
> header ('HTTP/1.0 404 Page Not Found');
> die; // Don't send any more output.
> }
>
> or whatever...
If you don't need or want to pass any variables to your
PHP scripts, you could use something like this PHP function:
function url_check()
{
if ('' <> _SERVER["QUERY_STRING"] OR
'#top' <> _SERVER["QUERY_STRING"])
{
echo "<p> Passing of variables by URL query string is not supported! </p>";
echo "<p> Program terminating now - Please try again </p>";
echo "<p> Found in URL -> _SERVER['QUERY_STRING'] </p>";
exit();
}
Kind Regards,
Keith Roberts
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
More information about the CentOS
mailing list