Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
//feed/ being served as /
Sometimes I see “//feed/” in my logs. When I try that out myself, I get my home page. Does Textpattern intercept that? If so, why?
Offline
Re: //feed/ being served as /
I don’t think the eed/ matter at all. What matters is //. And as far as I can tell, it is not Textpattern doing the work here but the Apache url handler. I see exactly the same behaviour on a (sub-)domain without any Textpattern (that sub-domain only serves static html).
You can see the same with //foobar, or any other string. Or ///
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Offline
Re: //feed/ being served as /
I’ve got Linux on the brain and just assumed a second / did nothing. You are correct about what it does. I guess anything with // is a bot going fishing and I should reject it.
Offline
Re: //feed/ being served as /
That might be a little more complex. Txp .htaccess is set in a way that if some/dir|file physically exists, it will be directly accessed via its path (like in /images/), bypassing txp. Typically, apache will ignore multiple slashes, so //images/ etc works too. But trying to access /non/existing/dir|file URL leaves the hand to txp, and then /blah/ and //blah/ will not be parsed equally: the first one will be seen as blah section landing page and issue a 404 if it does not exist. The second one will land you on the ‘empty’ section (between two /), i.e. the frontpage, ignoring blah part.
Should we tweak the url parser to ignore multiple /, à la apache? Probably yes, but part of me says // url patterns might be useful in future url schemes.
Offline
Re: //feed/ being served as /
I wasn’t considering a tweak of the Textpattern default htaccess file. My hyaccess file is…[checks]…366 lines. Most of those lines are keeping out script kiddies, bots, crawlers, SEO data brokers, and other lowlifes. I have just learned that // is a script-kiddle method for detecting if a file exists, and that is exactly what all the // log entries look like. Unless there is some legitimate reason for // to be used by a human, Ima gonna block it.
Offline
Pages: 1