1. Home
  2. Forums Index
  3. Server Side / Perl Server Side CGI Scripting 12:38 am May 21, 2026

Forum Moderators: coopster & phranque

Message Too Old, No Replies

Perl script being posted to?

But it's only used as a get script?

         

JohnNZ

1:32 am on May 5, 2014 (gmt 0)

10+ Year Member



I apologise in advance, my use of terminology may not be correct but hopefully you should be able to understand my problem.

I have a perl script which depending on parameters passed to it from the QUERY_STRING selects data rows from a text file. These rows are processed and a 'results' page returned to the user.

This script is called from URLs on the pages of the site with the parameters hard-coded into the href of the link. Yes you can play with the parameters by manipulating the query string.

So, as I understand it, I should only see a GET statement for this script?

However a user is managing to POST to the script and I'm not sure how they are doing this?

Brett_Tabke

1:54 am on May 5, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Depending on how the receiving routine is parsing the input, it very well could accept a GET or POST. Many receiving routines will be generic and accept both.

JohnNZ

2:13 am on May 5, 2014 (gmt 0)

10+ Year Member



Thanks for that. Yeah, I've just had a play with the HttpRequester plugin which allows you to POST what ever you want and the script still sort of works.

But other than using something like a plugin, I can't see how (or why) they would POST to the script?

As far as I'm aware I don't have a POST method on the site, so does that mean they must be using something like the plugin?

phranque

5:18 am on May 5, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



anyone can create and send a POST request to any url - they don't need your form for that.
attempts to POST may include vulnerability probes for spamming or hacking.

you can block POST requests if it is appropriate, either within your Perl script or using mod_rewrite. (assuming apache here)

if you block this in Perl, i would suggest a "403 Forbidden" response.

JohnNZ

5:52 am on May 5, 2014 (gmt 0)

10+ Year Member



Thanks Phranque. Didn't really realise that until today.

I am planning to block POSTs within my CGI-BIN folder. I will double check that none require POST but I suspect not.

My testing shows I get a 403 response on my local server.

Brett_Tabke

2:00 pm on May 5, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



> they would POST to the script?

it is probably a bot.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Perl Server Side CGI Scripting 12:38 am May 21, 2026