On Tue, Nov 1, 2022 at 10:26 AM Darryl Philip Baker <darryl.baker@xxxxxxxxxxxxxxxx> wrote: > > We are getting a poorly formed URL being requested from our servers. Apache is returning a 400 error but I am wondering if someone is try to exploit an issue with some version of some web server out there. Maybe a Dos attack or worse. Anyone have a clue what is being attempted? > > > > Sketchy URL: https://www.northwestern.edu/accounting-scrvices/Annual%252ORepothtm It's just an encoded space, %20, that was accidentally encoded again %25="%". Could even be your own rewrites. The flags around escaping stuff are a little confusing. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|