Loading ...
Sorry, an error occurred while loading the content.

2448Re: [webalizer] Re: Show hits based on query string?

Expand Messages
  • waldo kitty
    Jan 13, 2004
      Bradford L. Barrett wrote:

      > The webalizer, by design, strips cgi query info from URLs and referrers.
      > This is to make the URL/referrer counts more accurate. If you want them
      > preserved, you need to edit webalizer.c, add '?', '&' and '=' to the
      > "isurlchar()" function and re-compile. Please note that doing so will
      > cause less accurate counts and will open up the possibility of a cross
      > site scripting vulnerability (query strings are not checked since they
      > are not supposed to be present).

      this cross site scripting vulnerability is really only a problem is anyone can access the stats url, correct?

      i protect my stats from outside viewers for several reasons... first is its no ones business what my site does unless i want to let
      them know... second (and very important) is to thwart logfile spammers... there are other reasons but these two are at the very top
      of my list...

      (@@) Waldo Kitty, Waldo's Place USA
      __ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
      _|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
      ____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
      _|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 -at- alltel.net
    • Show all 10 messages in this topic