[BUG] Banned URLs are Case Sensitive - page 2 | WordPress.org

Resolved Anonymous User 9948090
(@anonymized-9948090)

5 years, 8 months ago

Hi

I’m using the banned URL feature of Wordfence a lot to immediately block hackers from accessing unwanted URLs.

Today I realized that the URLs entered into banned URLs list are case-sensitive. For example, if we add /phpmyadmin URL to the list and if someone try to access /phpMyAdmin URL, he’ll not be blocked. There might be many variations of a URL if we change case of each and every character and it’ll be very hard for us to block all variants.

In my opinion the entered banned URLs should be case-insensitive. So that we add one URL one time and can be sure that Wordfence will block visitors from accessing that URL no matter what case they choose.

I noticed it because I have entered /phpMyAdmin to the banned list and today someone tried to access /phpmyadmin and he was not banned. I tried it myself and I was also not blocked. I got 404 not found page.

So please fix this bug and make banned URLs case-insensitive.

Thank you.

Viewing 16 replies (of 16 total)

Thread Starter Anonymous User 9948090
(@anonymized-9948090)

5 years, 5 months ago

@wfasa
It was just an example to show how many variants of a URL can exist if the URL is long.

Viewing 16 replies (of 16 total)

The topic ‘[BUG] Banned URLs are Case Sensitive’ is closed to new replies.

Tags

In: Plugins
16 replies
5 participants
Last reply from: Anonymous User 9948090
Last activity: 5 years, 5 months ago
Status: resolved