On 07/19/11 1:28 PM, Ray Leventhal wrote: > Example:http://www.domain.com/pagedoesnotexist returns the expected 404 > > But browse to a page that does exist, like goodpage.php, then append > either a slash and some random string, or a ?=somerandomstring and the > goodpage.php is still displayed. > > I'll gladly provide more info, if needed. Any pointers on where to look > would be truly appreciated. your php page should examine the arguments and if there's anythign there unexpected, it should force the 404 via { header ('Location: '.$newReq); header ('HTTP/1.0 404 Page Not Found'); die; // Don't send any more output. } or whatever... -- john r pierce N 37, W 122 santa cruz ca mid-left coast