#893 False positive: /.*\&adtype=

current actionsfile
closed-fixed
Fabian Keil
5
2013-02-09
2013-01-31
u302320
No

URL: http://kleinanzeigen.ebay.de/anzeigen/

The search form ("Finden") has a hidden input field "adType". Any attempts to use the search for customer ads on kleinanzeigen.ebay.de are blocked as the pattern "/.*\&adtype=" in the {+block-as-image} section of default.action will match and return a gif to the client.

Further experiments reveal similar problems with "Gesuche" (want ads). Clicking on "Gesuche" somewhere in the category tree (e.g. navigate to http://kleinanzeigen.ebay.de/anzeigen/s-autos/c216) causes the browser to request something like http://kleinanzeigen.ebay.de/anzeigen/s-suchanfrage.html?keywords=&categoryId=216&locationStr=&locationId=&radius=0&sortingField=SORTING_DATE&adType=WANTED&posterType=&pageNum=1&action=find&maxPrice=&minPrice=
Again, the pattern "/.*\&adtype=" in default.action will match the adType=WANTED parameter in the URL and block the request.

Discussion

  • Fabian Keil
    2013-02-09

    Thanks for the report.

    I changed the offending pattern to "rover.ebay./.*\&adtype=".

     
  • Fabian Keil
    2013-02-09

    • assigned_to: nobody --> fabiankeil
    • status: open --> closed-fixed
     
  • Adam Piggott
    2013-02-09

    adtype examples

     
    Attachments
  • Adam Piggott
    2013-02-09

    I've found some URLs which may be relevant to this bug. Some eBay rover URLs that are solely for tracking / adverts and some YouTube URLs which were being incorrectly blocked. There are also quite a few true positives for adtype= that are not eBay-related, but most of which are blocked by other rules.

    I've noticed that the advert/tracking eBay rover URLs are always served from http://rover.ebay.com/ar/ , whereas the legitimate URLs are http://rover.ebay.com/rover/ or http://rover.ebay.co.uk/rover/ .

    It might be worth making an exception just for the German anzeigen (or "classifieds") part of eBay. With some testing I found that the US classifieds site is not blocked by the adtype rule. My sample size for true positives on adtype isn't large, but I thought it worth adding my findings to this report.

     
  • Fabian Keil
    2013-02-11

    Thanks for the additional information, Adam.

    I changed the pattern to "rover.ebay./ar.*\&adtype=".

    I'm not that concerned about some ads on Ebay potentially getting through, especially when they can't be blocked without breaking too much other stuff.
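
The effect of the three patterns discussed in this ticket can be checked with a small model of the matching, added here as an example (it is not Privoxy code). It assumes a simplified reading of Privoxy's URL patterns: the part before the first "/" is a host pattern in which a trailing dot stands for any suffix, and the rest is a regular expression anchored at the start of the path plus query string and matched case-insensitively. The two rover URLs are constructed samples; the kleinanzeigen URL is the one from the report.

```python
import re
from urllib.parse import urlsplit

def host_matches(host_pat, host):
    """Simplified host match (assumption): '' = any host, trailing '.' = any
    suffix, leading '.' = any prefix, otherwise exact. Case-insensitive."""
    if not host_pat:
        return True
    pat, labels = host_pat.lower().split("."), host.lower().split(".")
    if pat[-1] == "":                      # e.g. "rover.ebay." -> .com, .co.uk
        return labels[:len(pat) - 1] == pat[:-1]
    if pat[0] == "":                       # e.g. ".ebay.de" -> any subdomain
        return labels[-(len(pat) - 1):] == pat[1:]
    return labels == pat

def pattern_matches(pattern, url):
    """True if the modelled pattern would apply to the URL."""
    host_pat, slash, path_pat = pattern.partition("/")
    parts = urlsplit(url)
    if not host_matches(host_pat, parts.hostname or ""):
        return False
    if not slash:                          # host-only pattern
        return True
    target = parts.path + ("?" + parts.query if parts.query else "")
    # re.match anchors on the left only; IGNORECASE is why "adtype" hits "adType"
    return re.match("/" + path_pat, target, re.IGNORECASE) is not None

PATTERNS = [
    r"/.*\&adtype=",                # original pattern from default.action
    r"rover.ebay./.*\&adtype=",     # first fix (2013-02-09)
    r"rover.ebay./ar.*\&adtype=",   # second fix (2013-02-11)
]
URLS = {
    "kleinanzeigen search (from the report)":
        "http://kleinanzeigen.ebay.de/anzeigen/s-suchanfrage.html?keywords="
        "&categoryId=216&locationStr=&locationId=&radius=0"
        "&sortingField=SORTING_DATE&adType=WANTED&posterType=&pageNum=1"
        "&action=find&maxPrice=&minPrice=",
    "rover /ar/ (constructed)": "http://rover.ebay.com/ar/1/x?mpt=1&adtype=3",
    "rover /rover/ (constructed)": "http://rover.ebay.co.uk/rover/1/x?loc=y&adtype=1",
}

def verdicts():
    """Map (pattern, url label) -> whether the pattern matches."""
    return {(p, name): pattern_matches(p, u)
            for p in PATTERNS for name, u in URLS.items()}

if __name__ == "__main__":
    for (p, name), hit in verdicts().items():
        print(f"{p:28} {name:40} {'BLOCK' if hit else 'pass'}")
```

Keeping such a table of known-good and known-bad URLs next to an actions file makes it easy to see which requests a pattern change starts or stops matching before it is deployed.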