On Tue, 19 Jul 2011, John R Pierce wrote: > To: centos at centos.org > From: John R Pierce <pierce at hogranch.com> > Subject: Re: [CentOS] [OT] Apache oddity - appending garbage request does not > result in a 404 > > On 07/19/11 1:28 PM, Ray Leventhal wrote: >> Example:http://www.domain.com/pagedoesnotexist returns the expected 404 >> >> But browse to a page that does exist, like goodpage.php, then append >> either a slash and some random string, or a ?=somerandomstring and the >> goodpage.php is still displayed. >> >> I'll gladly provide more info, if needed. Any pointers on where to look >> would be truly appreciated. > > your php page should examine the arguments and if there's anythign there > unexpected, it should force the 404 via > > { > header ('Location: '.$newReq); > header ('HTTP/1.0 404 Page Not Found'); > die; // Don't send any more output. > } > > or whatever... If you don't need or want to pass any variables to your PHP scripts, you could use something like this PHP function: function url_check() { if ('' <> _SERVER["QUERY_STRING"] OR '#top' <> _SERVER["QUERY_STRING"]) { echo "<p> Passing of variables by URL query string is not supported! </p>"; echo "<p> Program terminating now - Please try again </p>"; echo "<p> Found in URL -> _SERVER['QUERY_STRING'] </p>"; exit(); } Kind Regards, Keith Roberts ----------------------------------------------------------------- Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] -----------------------------------------------------------------