On Fri, 2005-02-11 at 08:34 -0500, AJ wrote: > This also stripped it down for me. > I do not see any logs in error or mischief. > How can I get it to actually log the attempt so I know this is working.
If you are running with apache >= 2.0, which many sites are, then apache will strip the malicious components of the URL and the defense in true_path will never get triggered because it will never see the malformed URL passed by apache. Thus there is no way to test it with apache >= 2.0, in fact you're not vulnerable to begin with. -- John Dennis <[EMAIL PROTECTED]> ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org