On Tue, Nov 1, 2022 at 10:26 AM Darryl Philip Baker <[email protected]> wrote: > > We are getting a poorly formed URL being requested from our servers. Apache > is returning a 400 error but I am wondering if someone is try to exploit an > issue with some version of some web server out there. Maybe a Dos attack or > worse. Anyone have a clue what is being attempted? > > > > Sketchy URL: > https://www.northwestern.edu/accounting-scrvices/Annual%252ORepothtm
It's just an encoded space, %20, that was accidentally encoded again %25="%". Could even be your own rewrites. The flags around escaping stuff are a little confusing. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
