[ic] Redirect spiders with session ID query param

Justin La Sotten justin.lasotten at gmail.com
Wed Mar 6 01:18:19 UTC 2013


> Just found it, it's BounceRobotSessionURL:
>
> http://docs.icdevgroup.org/cgi-bin/online/confs/BounceRobotSessionURL.html
>
> BounceReferralsRobot looks great too:
>
> http://docs.icdevgroup.org/cgi-bin/online/confs/BounceReferralsRobot.html
>
> I think there's a typo on that last page.  I think "This directive is
> similar to BounceReferralsRobot...." should be "This directive is
> similar to BounceReferrals...."
>
> Both directives became available in 5.7.0.
>
>
Make sure you are running at least 5.7.6, there was a nasty exploit in
previous versions when you enabled that directive. See the change log
http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW

This is the commit that fixed it:
https://github.com/interchange/interchange/commit/c2d7cc435b71ffaaa1e6e1050566a087f8b5e510

And here is some info on what the problem was:
http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20130305/b5b13358/attachment.html>


More information about the interchange-users mailing list