I've seen a small number of querystrings from apparently good visitors ("local" broadband) which appear to be referer strings from google. At present three IPs have been trapped at three separate times but could be a single user at different broadband locations. Since none of my web sites require querystrings I have a generic "no querystrings" trap to reduce injection attempts...
<if " %{QUERY_STRING} =~ m#[a-z]+#i ">
SetEnvIfExpr "%{QUERY_STRING} =~ /(.+)/" query=any:$0
</if>
This has triggered on three occasions in the past five days with two variants on the actual query:
http: ok:HTTP/1.1
browser: Safari:Safari/604
query: any:back=https%3A%2F%2Fwww.google.com%2Fsearch%3Fclient%3Dsafari%26as_qdr%3Dall%26as_occt%3Dany%26safe%3Dactive%26as_q%3DIs+Bristol+in+the+south+of+England%26channel%3Daplab%26source%3Da-app1%26hl%3Den
with headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb
Connection: keep-alive
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Mobile/15E148 Safari/604.1
The querystring as a referer would seem reasonable - it's what this site is about. My guess is that one or more iphones running safari have a badly set-up browser that forwards SE referers as querystrings. Is that a reasonable scenario? The "back=" would suggest a retry but yesterday's access seems to have no precursor.
If it's a genuine iphone error I may have to add an exemption (not for the first time for iphones!). I'd rather not do that.
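Added example, not part of the original post: a Python log-triage helper that decodes the trapped query string quoted above and reports whether it is a lone `back=` parameter wrapping a Google search URL, which is the question the post raises. The function name `triage_query` and the `SEARCH_HOSTS` allowlist are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Query string copied from the post above (the value logged after "any:").
CAPTURED = (
    "back=https%3A%2F%2Fwww.google.com%2Fsearch%3Fclient%3Dsafari%26as_qdr%3Dall"
    "%26as_occt%3Dany%26safe%3Dactive%26as_q%3DIs+Bristol+in+the+south+of+England"
    "%26channel%3Daplab%26source%3Da-app1%26hl%3Den"
)

# Assumption: hosts the reviewer accepts as a search-engine origin.
SEARCH_HOSTS = {"www.google.com"}


def triage_query(query):
    """Classify a trapped query string for manual log review.

    Returns a dict with a 'verdict' plus decoded details when the query is
    exactly one back=<https search URL> parameter.
    """
    try:
        # strict_parsing rejects fields that have no '=' at all.
        params = parse_qs(query, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return {"verdict": "malformed"}

    # Anything other than a single 'back' parameter stays with the trap.
    if list(params) != ["back"] or len(params["back"]) != 1:
        return {"verdict": "other", "keys": sorted(params)}

    back = params["back"][0]  # parse_qs has percent-decoded this exactly once
    try:
        url = urlsplit(back)
        host = url.hostname
    except ValueError:
        return {"verdict": "back-unknown-target", "target": back}

    if url.scheme != "https" or host not in SEARCH_HOSTS or url.path != "/search":
        return {"verdict": "back-unknown-target", "target": back}

    inner = parse_qs(url.query, keep_blank_values=True)
    return {
        "verdict": "back-search-referer",
        "host": host,
        "search_terms": inner.get("as_q", inner.get("q", [""]))[0],
        "client": inner.get("client", [""])[0],
    }
```

Run over the trapped entries, this separates hits that are only a wrapped search URL from everything else the trap catches, without changing the trap itself.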