WordPress.org

Ready to get started?Download WordPress

Forums

WP Super Cache
double slashes in redirect URL (1 post)

  1. George Lerner
    Member
    Posted 11 months ago #

    I have installed the .htaccess security script from http://perishablepress.com/5g-blacklist-2012/ and the WordPress extension to it, WordPress Add-on for 5G Blacklist.

    The script blocks hacker tricks not by IP Address (which would constantly need updating), but by the patterns in the REQUEST_URI, QUERY_STRING, User-Agent, etc. (There is also a version for IIS servers.)

    One of the hacker tricks is double forward slashes in the Request String (not the http:// but after the file name). The script detects that and gives the hacker a 403:Permission Denied error. Nice!

    There is a newer version, http://perishablepress.com/5g-blacklist-2013/ which took out the test for double slashes in the Request String (some widely used sites have them) but it still is Not Proper to have them.

    I am leaving the trap for double forward slashes in ("//") since it is primarily used by hackers.

    The WP Super Cache does sometimes generate double forward slashes in the Redirect URL, e.g. [REDIRECT_URL] => /wp-content/cache/supercache/myblog.com/article-title//index.html

    My blog is not super heavily used, and the server seems fast, so I have changed my WP Super Cache setting to "HALF ON Super Cache Disabled, only legacy WP-Cache caching." so legitimate requests for pages don't get blocked.

    Please add a follow-up post if the double-slash gets fixed in the WP Super Cache, I want to use it.

    http://wordpress.org/plugins/wp-super-cache/

Reply

You must log in to post.

About this Plugin

About this Topic