2448Re: [webalizer] Re: Show hits based on query string?
- Jan 13, 2004Bradford L. Barrett wrote:
> The webalizer, by design, strips cgi query info from URLs and referrers.this cross site scripting vulnerability is really only a problem is anyone can access the stats url, correct?
> This is to make the URL/referrer counts more accurate. If you want them
> preserved, you need to edit webalizer.c, add '?', '&' and '=' to the
> "isurlchar()" function and re-compile. Please note that doing so will
> cause less accurate counts and will open up the possibility of a cross
> site scripting vulnerability (query strings are not checked since they
> are not supposed to be present).
i protect my stats from outside viewers for several reasons... first is its no ones business what my site does unless i want to let
them know... second (and very important) is to thwart logfile spammers... there are other reasons but these two are at the very top
of my list...
(@@) Waldo Kitty, Waldo's Place USA
__ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
_|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 -at- alltel.net
- << Previous post in topic Next post in topic >>