-
-
- WebcitAddUrlHandler(HKEY("blank"), blank_page, ANONYMOUS|BOGUS);
-
- WebcitAddUrlHandler(HKEY("webcit"), blank_page, URLNAMESPACE);
+ WebcitAddUrlHandler(HKEY("404"), "", 0, do_404, ANONYMOUS|COOKIEUNNEEDED);
+/*
+ * Look for commonly-found probes of malware such as worms, viruses, trojans, and Microsoft Office.
+ * Short-circuit these requests so we don't have to send them through the full processing loop.
+ */
+ WebcitAddUrlHandler(HKEY("scripts"), "", 0, do_404, ANONYMOUS|BOGUS); /* /root.exe - Worms and trojans and viruses, oh my! */
+ WebcitAddUrlHandler(HKEY("c"), "", 0, do_404, ANONYMOUS|BOGUS); /* /winnt */
+ WebcitAddUrlHandler(HKEY("MSADC"), "", 0, do_404, ANONYMOUS|BOGUS);
+ WebcitAddUrlHandler(HKEY("_vti"), "", 0, do_404, ANONYMOUS|BOGUS); /* Broken Microsoft DAV implementation */
+ WebcitAddUrlHandler(HKEY("MSOffice"), "", 0, do_404, ANONYMOUS|BOGUS); /* Stoopid MSOffice thinks everyone is IIS */
+ WebcitAddUrlHandler(HKEY("nonexistenshit"), "", 0, do_404, ANONYMOUS|BOGUS); /* Exploit found in the wild January 2009 */