double slashes in redirect URL
-
I have installed the .htaccess security script from https://perishablepress.com/5g-blacklist-2012/ and the WordPress extension to it, WordPress Add-on for 5G Blacklist.
The script blocks hacker tricks not by IP Address (which would constantly need updating), but by the patterns in the REQUEST_URI, QUERY_STRING, User-Agent, etc. (There is also a version for IIS servers.)
One of the hacker tricks is double forward slashes in the Request String (not the https:// but after the file name). The script detects that and gives the hacker a 403:Permission Denied error. Nice!
There is a newer version, https://perishablepress.com/5g-blacklist-2013/ which took out the test for double slashes in the Request String (some widely used sites have them) but it still is Not Proper to have them.
I am leaving the trap for double forward slashes in (“//”) since it is primarily used by hackers.
The WP Super Cache does sometimes generate double forward slashes in the Redirect URL, e.g. [REDIRECT_URL] => /wp-content/cache/supercache/myblog.com/article-title//index.html
My blog is not super heavily used, and the server seems fast, so I have changed my WP Super Cache setting to “HALF ON Super Cache Disabled, only legacy WP-Cache caching.” so legitimate requests for pages don’t get blocked.
Please add a follow-up post if the double-slash gets fixed in the WP Super Cache, I want to use it.
- The topic ‘double slashes in redirect URL’ is closed to new replies.
