Changeset 38768
- Timestamp:
- 2024-02-22T17:45:11+13:00 (3 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
main/trunk/greenstone3/resources/tomcat/greenstone3.xml.svn
r37741 r38768 61 61 <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="@allowedIPs@"/> 62 62 63 <!-- Allows us to include the file rewrite.config in web/WEB-INF 63 <!-- Allows us to include the file: 64 <GSDL3SRCHOME>/web/WEB-INF/rewrite.config 64 65 Currently used (by default) to monitor for GS3 DL calls that use: 65 &href=... 66 and disable them, as malicieous users can uses this to mount an Open Redirect attack --> 66 &href=... and rl=0 ... 67 and rewrite them so they are forbidden by the server. 68 This is because malicious users can use this form of CGI URL supported by Greenstone3 69 to mount an Open Redirect attack --> 67 70 <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/> 68 71
Note:
See TracChangeset
for help on using the changeset viewer.