Skip to content
Snippets Groups Projects
Commit 005633b1 authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Log requests that resolve outside of the web root as hack attempts

"Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.
parent 410974af
No related branches found
No related tags found
1 merge request!463MRC mods by Codefenix (2024-10-20)
Pipeline #2587 passed
...@@ -3633,8 +3633,13 @@ static BOOL check_request(http_session_t * session) ...@@ -3633,8 +3633,13 @@ static BOOL check_request(http_session_t * session)
if(strnicmp(path,root_dir,strlen(root_dir))) { if(strnicmp(path,root_dir,strlen(root_dir))) {
session->req.keep_alive=FALSE; session->req.keep_alive=FALSE;
send_error(session,__LINE__,"400 Bad Request"); send_error(session,__LINE__,"400 Bad Request");
lprintf(LOG_NOTICE,"%04d !ERROR Request for %s is outside of web root %s" SAFEPRINTF2(str, "Request for '%s' is outside of web root: %s", path, root_dir);
,session->socket,path,root_dir); lprintf(LOG_NOTICE,"%04d !ERROR %s", session->socket, str);
hacklog(&scfg, session->client.protocol, session->username, str, session->client.host, &session->addr);
#ifdef _WIN32
if(startup->sound.hack[0] && !sound_muted(&scfg))
PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
#endif
return(FALSE); return(FALSE);
} }
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment