Web servers
Hocok_B_KapMaHe, 2014-05-06 16:04:15

What characters should be cut in GET requests when writing a server?

Good day, everyone!
I am writing a small web server and trying to somehow secure it, and because of ignorance, I think it's better to ask than later ...
So, if GET requests are not parsed in any way, then the user can get any file in the system. For example:
root path, let it be /var/www/
add to it the path from GET
GET /index.html HTTP/1.1
We get:
/var/www/index.html
Now, when requesting
GET /../../etc/shadow HTTP/1.1
we give out the file with passwords =)
So, because a folder in Linux cannot contain / or null, they need to be cut immediately. The colon is cut for safety's sake. Three in total.
What characters did I miss? This means not only characters, but also bytes 0-255.

1 answer(s)
Andrew, 2014-05-06
@OLS

Read the articles "sanitizing URL" and "sanitizing input data" - a lot depends on which software the data received in the URL will be passed to later.
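
One way to handle the traversal case from the question, as an added example that is not part of the original thread: percent-decode the request target once, resolve it against the document root, and serve the file only if the canonical path is still inside the root. The function name, the sample targets and the temporary directory layout are constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_request_path(docroot, target):
    """Map a request target to a file under docroot, or return None."""
    # Drop the query string, then percent-decode exactly once.
    path = unquote(target.partition("?")[0])
    # A NUL byte can never be part of a valid file name on Linux.
    if "\x00" in path:
        return None
    root = os.path.realpath(docroot)
    # Treat the path as relative to the root; realpath collapses ".."
    # segments and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed document root and run sample request targets."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "www")
        os.mkdir(docroot)
        with open(os.path.join(docroot, "index.html"), "w") as f:
            f.write("<h1>ok</h1>")
        # Constructed file outside the root, standing in for /etc/shadow.
        with open(os.path.join(base, "secret.txt"), "w") as f:
            f.write("secret")
        targets = [
            "/index.html",
            "/../secret.txt",          # plain traversal
            "/%2e%2e/secret.txt",      # percent-encoded dots
            "/..%2fsecret.txt",        # percent-encoded slash
            "/index.html%00.png",      # embedded NUL
            "/index.html?x=../../",    # dots only in the query string
        ]
        return {t: resolve_request_path(docroot, t) is not None for t in targets}


if __name__ == "__main__":
    for target, served in demo().items():
        print(f"{target!r:26} served={served}")
```

Only the first and last targets are served; the containment check rejects the others regardless of how the dots and slashes were encoded.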
