| Welcome to WebmasterWorld Guest from 126.96.36.199 |
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
|Subscribe to WebmasterWorld|
|Perl script being posted to?|
But it's only used as a get script?
| 1:32 am on May 5, 2014 (gmt 0)|
I apologise in advance, my use of terminology may not be correct but hopefully you should be able to understand my problem.
I have a perl script which depending on parameters passed to it from the QUERY_STRING selects data rows from a text file. These rows are processed and a 'results' page returned to the user.
This script is called from URLs on the pages of the site with the parameters hard-coded into the href of the link. Yes you can play with the parameters by manipulating the query string.
So, as I understand it, I should only see a GET statement for this script?
However a user is managing to POST to the script and I'm not sure how they are doing this?
| 1:54 am on May 5, 2014 (gmt 0)|
Depending on how the receiving routine is parsing the input, it very well could accept a GET or POST. Many receiving routines will be generic and accept both.
| 2:13 am on May 5, 2014 (gmt 0)|
Thanks for that. Yeah, I've just had a play with the HttpRequester plugin which allows you to POST what ever you want and the script still sort of works.
But other than using something like a plugin, I can't see how (or why) they would POST to the script?
As far as I'm aware I don't have a POST method on the site, so does that mean they must be using something like the plugin?
| 5:18 am on May 5, 2014 (gmt 0)|
anyone can create and send a POST request to any url - they don't need your form for that.
attempts to POST may include vulnerability probes for spamming or hacking.
you can block POST requests if it is appropriate, either within your Perl script or using mod_rewrite. (assuming apache here)
if you block this in Perl, i would suggest a "403 Forbidden" response.
| 5:52 am on May 5, 2014 (gmt 0)|
Thanks Phranque. Didn't really realise that until today.
I am planning to block POSTs within my CGI-BIN folder. I will double check that none require POST but I suspect not.
My testing shows I get a 403 response on my local server.
| 2:00 pm on May 5, 2014 (gmt 0)|
> they would POST to the script?
it is probably a bot.
All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved