On Tue, 19 Jul 2011, John R Pierce wrote:
To: centos@centos.org
From: John R Pierce <pierce@hogranch.com>
Subject: Re: [CentOS] [OT] Apache oddity - appending garbage request does not result in a 404
On 07/19/11 1:28 PM, Ray Leventhal wrote:
Example: http://www.domain.com/pagedoesnotexist returns the expected 404
But browse to a page that does exist, like goodpage.php, then append either a slash and some random string, or a ?=somerandomstring and the goodpage.php is still displayed.
I'll gladly provide more info, if needed. Any pointers on where to look would be truly appreciated.
Your PHP page should examine the arguments and if there's anything there unexpected, it should force the 404 via
{
    header ('Location: '.$newReq);
    header ('HTTP/1.0 404 Page Not Found');
    die; // Don't send any more output.
}
or whatever...
If you don't need or want to pass any variables to your PHP scripts, you could use something like this PHP function:
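function url_check() {
    // Terminate if the request carries any query string other than '#top'.
    $qs = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    if ('' <> $qs && '#top' <> $qs) {
        echo "<p> Passing of variables by URL query string is not supported! </p>";
        echo "<p> Program terminating now - Please try again </p>";
        // Escape the value so the request cannot inject markup into the page.
        echo "<p> Found in URL -> " . htmlspecialchars($qs, ENT_QUOTES, 'UTF-8') . " </p>";
        exit();
    }
}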
Kind Regards,
Keith Roberts
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
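An added example, not part of the original thread or any poster's code: one way for a page such as goodpage.php to answer 404 for both cases Ray describes, the trailing `/randomstring` (which reaches PHP as `PATH_INFO`) and the `?=somerandomstring` query. The function names, the `id` allowlist and the sample requests are assumptions made for illustration.

```php
<?php
// Added example (hypothetical names): refuse requests that carry a trailing
// path or query parameters the page does not expect.

function unexpected_request_parts(array $server, array $allowedParams): array
{
    $problems = [];

    // "/goodpage.php/random" reaches the script as PATH_INFO.
    if (($server['PATH_INFO'] ?? '') !== '') {
        $problems[] = 'trailing path';
    }

    // Parse the raw query string: PHP does not put pairs with an empty name
    // (such as "?=somerandomstring") into $_GET, so $_GET alone misses them.
    foreach (explode('&', $server['QUERY_STRING'] ?? '') as $pair) {
        if ($pair === '') {
            continue;
        }
        $name = urldecode(explode('=', $pair, 2)[0]);
        if (!in_array($name, $allowedParams, true)) {
            $problems[] = 'unexpected parameter';
            break;
        }
    }
    return $problems;
}

function enforce_expected_request(array $allowedParams): void
{
    if (unexpected_request_parts($_SERVER, $allowedParams) !== []) {
        http_response_code(404);
        header('Content-Type: text/plain; charset=utf-8');
        echo "404 Not Found\n"; // fixed text, no request data is echoed back
        exit;
    }
}

// Constructed sample requests for a page that accepts only "id".
$samples = [
    ['PATH_INFO' => '',        'QUERY_STRING' => 'id=7'],
    ['PATH_INFO' => '/random', 'QUERY_STRING' => ''],
    ['PATH_INFO' => '',        'QUERY_STRING' => '=somerandomstring'],
];
if (PHP_SAPI === 'cli') {
    foreach ($samples as $s) {
        echo json_encode($s), ' => ',
             json_encode(unexpected_request_parts($s, ['id'])), "\n";
    }
}
```

In a real page, `enforce_expected_request(['id'])` would be called before any output is sent. For the trailing-path case alone, Apache's `AcceptPathInfo Off` directive makes the server return the 404 itself.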