On Thu, Apr 12, 2018 at 1:14 PM, Ruediger Pluem <rpl...@apache.org> wrote: > > From an ops point of view: > > You do not always have an address bar visible with the affected URL. Think of > iframes or pop ups without address bars > and people are bad in providing the exact point of time when the issue > happened and hence the access logs are a tedious > business here on a busy server as a source for determining the issue. So I am > for re-encode the decoded URI so spaces > can't be used. > I don't like making admins life hard because of not so smart tools or people > reporting to security :-)
>From an ops point of view... see access log. I don't see this information as helpful for admin/ops. Perhaps useful for content creators with no such access. But I'd expect the vast majority of these are 1) ignored and 2) intentional/malicious probes.