Changeset 38768


Ignore:
Timestamp:
2024-02-22T17:45:11+13:00 (3 months ago)
Author:
davidb
Message:

Fixed spelling mistake, updated the comment about its purpose

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone3/resources/tomcat/greenstone3.xml.svn

    r37741 r38768  
    6161    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="@allowedIPs@"/>
    6262
    63     <!-- Allows us to include the file rewrite.config in web/WEB-INF
     63    <!-- Allows us to include the file:
     64           <GSDL3SRCHOME>/web/WEB-INF/rewrite.config
    6465         Currently used (by default) to monitor for GS3 DL calls that use:
    65            &href=...
    66          and disable them, as malicieous users can uses this to mount an Open Redirect attack -->
     66           &href=... and rl=0 ...
     67         and rewrite them so they are forbidden by the server.
     68         This is because malicious users can use this form of CGI URL supported by Greenstone3
     69         to mount an Open Redirect attack -->
    6770    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
    6871   
Note: See TracChangeset for help on using the changeset viewer.