diff options
| author | Dan Fandrich <danf@mageia.org> | 2025-06-06 18:47:10 -0700 |
|---|---|---|
| committer | Dan Fandrich <danf@mageia.org> | 2025-06-06 18:47:10 -0700 |
| commit | 058146cfdea0ee115b29abd816aa0ba8004311e0 (patch) | |
| tree | fcf044e3ed99f651fec188eac253ab36599e180b /modules/apache | |
| parent | 6d0484586a22372b280125337f870353041f05f0 (diff) | |
| download | puppet-058146cfdea0ee115b29abd816aa0ba8004311e0.tar puppet-058146cfdea0ee115b29abd816aa0ba8004311e0.tar.gz puppet-058146cfdea0ee115b29abd816aa0ba8004311e0.tar.bz2 puppet-058146cfdea0ee115b29abd816aa0ba8004311e0.tar.xz puppet-058146cfdea0ee115b29abd816aa0ba8004311e0.zip | |
Properly escape the target in then anti-robot redirect
Any additional URL parameters after a & were previously dropped.
Diffstat (limited to 'modules/apache')
| -rw-r--r-- | modules/apache/manifests/mod/fcgid.pp | 7 | ||||
| -rw-r--r-- | modules/apache/templates/urlescape | 9 | ||||
| -rw-r--r-- | modules/apache/templates/vhost_fcgid.conf | 3 |
3 files changed, 18 insertions, 1 deletions
diff --git a/modules/apache/manifests/mod/fcgid.pp b/modules/apache/manifests/mod/fcgid.pp index 6c815681..b8186a64 100644 --- a/modules/apache/manifests/mod/fcgid.pp +++ b/modules/apache/manifests/mod/fcgid.pp @@ -1,4 +1,11 @@ class apache::mod::fcgid { include apache::base package { 'apache-mod_fcgid': } + + file { 'urlescape': + path => '/usr/local/bin/urlescape', + mode => '0755', + notify => Service['apache'], + content => template('apache/urlescape'), + } } diff --git a/modules/apache/templates/urlescape b/modules/apache/templates/urlescape new file mode 100644 index 00000000..8feb7fa4 --- /dev/null +++ b/modules/apache/templates/urlescape @@ -0,0 +1,9 @@ +#!/usr/bin/python3 -u +# URL escape each path given on stdin +import sys +import urllib.parse +while True: + l = sys.stdin.readline() + if not l: + break + print(urllib.parse.quote(l.rstrip("\n"))) diff --git a/modules/apache/templates/vhost_fcgid.conf b/modules/apache/templates/vhost_fcgid.conf index 3aed1ea2..f137c866 100644 --- a/modules/apache/templates/vhost_fcgid.conf +++ b/modules/apache/templates/vhost_fcgid.conf @@ -27,10 +27,11 @@ RewriteRule . - [R=403,L] # set, redirect to a page where it will be set using JavaScript and redirect # back. This will block requests from user agents that do not support # JavaScript, which includes many robots. +RewriteMap urlescape prg:/usr/local/bin/urlescape RewriteCond %{QUERY_STRING} pathrev=|r1= RewriteCond %{REQUEST_URI} !/_check RewriteCond %{HTTP_COOKIE} !session=([^;]+) [novary] -RewriteRule . %{REQUEST_SCHEME}://%{SERVER_NAME}:%{SERVER_PORT}/_check?to=%{REQUEST_URI}?%{QUERY_STRING} [R=302,L] +RewriteRule . %{REQUEST_SCHEME}://%{SERVER_NAME}:%{SERVER_PORT}/_check?to=%{REQUEST_URI}?${urlescape:%{QUERY_STRING}} [R=302,L] # Block abusive spiders by IP address who don't identify themselves in the # User-Agent: string |