Re: htdig: looping with lots of / in URL


Christian Gut (lametta@www.gut.regio.de)
Mon, 13 Jul 1998 09:31:18 +0200 (MEST)


Hi

There is just a simple fix of the problem:

exclude_urls: /////

in htdig.conf.

chris

P.S.: I had a similar problem with an /products/products... loop.
      Perhaps there is solution to slove all these loop problems.?!

On Sat, 11 Jul 1998, Tomaz Borstnar wrote:

> Hello!
>
> I found interesting bug in 3.08b2 which is nice way for denial of
> service. This is from web server's logfile:
>
> 193.189.160.250 - - [11/Jul/1998:20:30:43 +0200] "GET
> /si//////si/ris98.html HTT
> P/1.0" 404 174 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
> (andrew@
> contigo.com)"
> 193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET
> /si//////si/ris98.html/ HT
> TP/1.0" 404 175 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
> (andrew
> @contigo.com)"
> 193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////si/faq.html
> HTTP/
> 1.0" 404 172 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
> (andrew@co
> ntigo.com)"
> 193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////si/faq.html/
> HTTP
> /1.0" 404 173 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
> (andrew@c
> ontigo.com)"
> 193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////www98.html
> HTTP/1
> .0" 404 171 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
> (andrew@con
> tigo.com)"
> 193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////www98.html/
> HTTP/
> 1.0" 404 172 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
> (andrew@co
> ntigo.com)"
>
>
> See lots of / in path? They just keep growing and filling things. Looks
> like some bad url in html
> made htdig loop.
>
> Was this fixed in some patch already?
>
> Thanks in advance.
>
>
> Tomaz
>
> p.s.
> Thanks to Andrew for nice software.
> ----
> Tomaz Borstnar <tomaz.borstnar@over.net>
> "Love is the answer to the final question you ask" - Unknown
> ----------------------------------------------------------------------
> To unsubscribe from the htdig mailing list, send a message to
> htdig-request@sdsu.edu containing the single word "unsubscribe" in
> the body of the message.
>

----------------------------------------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig-request@sdsu.edu containing the single word "unsubscribe" in
the body of the message.



This archive was generated by hypermail 2.0b3 on Sat Jan 02 1999 - 16:26:52 PST