$Log$
+Revision 301.7 2001/09/25 03:34:09 ajc
+* Fix for WebCit servers running on port 80: detect Windoze worm-of-the-week
+ and bail out without bothering the Citadel server.
+
Revision 301.6 2001/08/22 16:38:06 ajc
* Added the "-c" command line option to generate optional cookies indicating
the host name of the server. This makes it easy to put a cluster of WebCit
1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
* webserver.c: warning fix
-
+/*
+ * Check for bogus requests coming from (for example) brain-dead
+ * Windoze boxes that are infected with the latest worm-of-the-week.
+ * If we detect one of these, bail out without bothering our Citadel
+ * server.
+ */
+int is_bogus(char *http_cmd) {
+
+ if (!strncasecmp(http_cmd, "GET /scripts/root.exe", 21)) return(1);
+ if (!strncasecmp(http_cmd, "GET /c/winnt", 12)) return(2);
+ if (!strncasecmp(http_cmd, "GET /MSADC/", 11)) return(3);
+
+ return(0); /* probably ok */
+}
+
+
/*
* This loop gets called once for every HTTP connection made to WebCit. At
} while (strlen(buf) > 0);
+ strcpy(buf, req->line);
+ fprintf(stderr, "%s\n", buf);
+
+ /* Check for bogus requests */
+ if (is_bogus(buf)) goto bail;
/*
* If requesting a non-root page, there should already be a cookie
* set. If there isn't, the client browser has cookies turned off
* (or doesn't support them) and we have to barf & bail.
*/
- strcpy(buf, req->line);
- fprintf(stderr, "%s\n", buf);
if (!strncasecmp(buf, "GET ", 4)) strcpy(buf, &buf[4]);
else if (!strncasecmp(buf, "HEAD ", 5)) strcpy(buf, &buf[5]);
if (buf[1]==' ') buf[1]=0;
pthread_mutex_unlock(&TheSession->SessionMutex); /* unbind */
/* Free the request buffer */
- while (req != NULL) {
+bail: while (req != NULL) {
hptr = req->next;
free(req);
req = hptr;