[ic] Redirect spiders with session ID query param

Grant emailgrant at gmail.com
Wed Mar 6 20:26:48 UTC 2013


>> Just found it, it's BounceRobotSessionURL:
>>
>> http://docs.icdevgroup.org/cgi-bin/online/confs/BounceRobotSessionURL.html
>>
>> BounceReferralsRobot looks great too:
>>
>> http://docs.icdevgroup.org/cgi-bin/online/confs/BounceReferralsRobot.html
>>
>> I think there's a typo on that last page.  I think "This directive is
>> similar to BounceReferralsRobot...." should be "This directive is
>> similar to BounceReferrals...."
>>
>> Both directives became available in 5.7.0.
>>
>
> Make sure you are running at least 5.7.6, there was a nasty exploit in
> previous versions when you enabled that directive. See the change log
> http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW
>
> This is the commit that fixed it:
> https://github.com/interchange/interchange/commit/c2d7cc435b71ffaaa1e6e1050566a087f8b5e510
>
> And here is some info on what the problem was:
> http://www.securiteam.com/securityreviews/5WP0E2KFGK.html

Great info, many thanks for that Justin.

- Grant



More information about the interchange-users mailing list