On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote: > GET /index.php?file=../../../../../../../etc/passwd > > Why not employ similar techniques on a Tor exit? We can be 100% sure about > the malicious intent.
No, you can't be sure. That request could quite well be totally legitimate; you are not in a position to judge for the site owner. (I'm just fighting against a 'transparent proxy' that thinks POST with more than 1000 bytes are evil. Please don't add more points of failure to an already fragile web.) Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays