On Tue, Nov 1, 2022 at 10:26 AM Darryl Philip Baker <darryl.ba...@northwestern.edu> wrote: > > We are getting a poorly formed URL being requested from our servers. Apache > is returning a 400 error but I am wondering if someone is try to exploit an > issue with some version of some web server out there. Maybe a Dos attack or > worse. Anyone have a clue what is being attempted? > > > > Sketchy URL: > https://www.northwestern.edu/accounting-scrvices/Annual%252ORepothtm
It's just an encoded space, %20, that was accidentally encoded again %25="%". Could even be your own rewrites. The flags around escaping stuff are a little confusing. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
