customlog patch BUG ?

I'm seeing unescaped logfile entries when using the customlog patch. Looking at the patch, there is code to escape various fields in various ways, but it's not obvious on first look exactly which escaping rule should be getting used. I don't think it's working.

My config entry (based on the example for Apache common format):

logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh


The problem affects my logfile stats program, which is unable to parse the line. It looks like someone is trawling for an awstats.pl bug. An example entry is:

WARN:a1cpu4.bz.log:1786006 parse error for length at w;wget"
WARN: 213.61.102.218 - - [15/Aug/2005:22:39:01 +0100] "GET http://62.XX.XX.109//awstats.pl"w;wget"; HTTP/1.1" 404 454 "-" "Mozilla/4.0(compatible; MSIE 6.0; Windows 98)" TCP_MISS:DIRECT


What I expected to see was:

"GET http://62.XX.XX.109//awstats.pl"w;wget"; HTTP/1.1"

turned into (with an additional \ character), which would be what Apache does:

"GET http://62.XX.XX.109//awstats.pl\"w;wget"; HTTP/1.1"



I would guess the abuser is sending:

$ telnet www.mydomain.com 80
GET //awstats.pl"w;wget HTTP/1.1
Host: www.mydomain.com

$


I am happy to help resolve this bug through reconfiguration or testing of beta patches if necessary.

Thanks

--
Darryl L. Miles
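
An added example (not part of the original post and not code from the customlog patch), showing in Python why the unescaped quote breaks a field parser and how backslash-escaping each value inside the quoted request field keeps the line parseable. The function names, the host `host.example`, the client address and the `\xhh` encoding for control and non-ASCII bytes are assumptions made for this example.

```python
import re

# One space-separated field: "quoted with \-escapes", [bracketed], or a bare token.
FIELD = re.compile(r'(?:"((?:[^"\\]|\\.)*)"|\[([^\]]*)\]|([^"\[\s]\S*))(?= |$)')
ESCAPE = re.compile(rb'\\(x[0-9a-fA-F]{2}|.)')

# Constructed sample, modelled on the request in the log entry above.
SAMPLE_URL = 'http://host.example//awstats.pl"w;wget";'

def escape_log_field(value):
    """Escape a value that will be written inside a double-quoted log field."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in b'"\\':
            out.append("\\" + chr(byte))
        elif 0x20 <= byte < 0x7f:
            out.append(chr(byte))
        else:                          # control and non-ASCII bytes
            out.append("\\x%02x" % byte)
    return "".join(out)

def unescape_log_field(text):
    """Reverse escape_log_field()."""
    def repl(m):
        esc = m.group(1)
        return bytes([int(esc[1:], 16)]) if len(esc) == 3 else esc
    return ESCAPE.sub(repl, text.encode("utf-8")).decode("utf-8", "replace")

def format_request(method, url, version, escape=True):
    """Render the "%rm %ru HTTP/%rv" field, escaping each value unless told not to."""
    fix = escape_log_field if escape else (lambda v: v)
    return '"%s %s HTTP/%s"' % (fix(method), fix(url), fix(version))

def build_line(request_field):
    """Assemble a constructed log line around the given request field."""
    return ('192.0.2.10 - - [15/Aug/2005:22:39:01 +0100] %s 404 454 '
            '"-" "Mozilla/4.0" TCP_MISS:DIRECT' % request_field)

def split_log_line(line):
    """Split a log line into fields; raise ValueError on a malformed field."""
    fields, pos = [], 0
    while pos < len(line):
        m = FIELD.match(line, pos)
        if m is None:
            raise ValueError("unparseable field at column %d" % pos)
        quoted, bracketed, bare = m.groups()
        if quoted is not None:
            fields.append(unescape_log_field(quoted))
        else:
            fields.append(bracketed if bracketed is not None else bare)
        pos = m.end() + 1              # skip the single separating space
    return fields
```

With `escape=False` the line reproduces the parse failure at the request field; with escaping on, the parser returns the original request text as a single field.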


