Problems with urls containing % (php urlencode())

Claus Hansen
26 December 2008, 23:53
Hi

First I'd like to say thanks for this great free software. I use it on a small torrent tracker, where it has replaced lighttpd, mainly because of the latest security problems with lighty and also because it simply performs a lot better.

My problem with Hiawatha is with GET requests containing binary urlencoded data, for instance url.com?foo=%D6%E5p%A1%A1%18, which will result in a 403 Forbidden error message. I've tried to disable all the ban triggers I could find, however, no success in fixing this. Any suggestions on how to fix this?

Best regards,
Claus
Hugo Leisink
27 December 2008, 09:53
Most of the time, when a URL contains such binary characters, it's because someone is trying to hack your server. The dangerous characters are those below ASCII 32 (space). Those are special control characters with special meanings in many applications. By default, Hiawatha will deny a URL which contains characters with an ASCII value lower than 32. You can disable this via the hidden setting 'SecureURL':

VirtualHost {
...
SecureURL = false
}


Be sure that your dangerous characters are treated correctly!!
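
The check described in the reply above, sketched in C as an added example (not part of the original posts and not Hiawatha's source code). It assumes the test is applied to the percent-decoded bytes; the function name `find_control_byte` and its return codes are hypothetical. Run on the URLs from this thread, it flags `%18` (decimal 24) in the first one and nothing in `test%A1`.

```c
#include <stdio.h>
#include <string.h>

#define URL_OK        (-1)  /* no byte below 32 found */
#define URL_MALFORMED (-2)  /* truncated or non-hex %XX escape */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode url one byte at a time and return the offset (in the
 * encoded string) of the first byte whose decoded value is below 32.
 * Hypothetical helper: returns URL_OK or URL_MALFORMED otherwise. */
int find_control_byte(const char *url) {
    size_t i = 0, len = strlen(url);
    while (i < len) {
        size_t start = i;
        unsigned char byte;
        if (url[i] == '%') {
            if (i + 2 >= len) return URL_MALFORMED;   /* escape cut short */
            int hi = hex_val(url[i + 1]), lo = hex_val(url[i + 2]);
            if (hi < 0 || lo < 0) return URL_MALFORMED;
            byte = (unsigned char)(hi * 16 + lo);
            i += 3;
        } else {
            byte = (unsigned char)url[i];
            i += 1;
        }
        if (byte < 32) return (int)start;             /* control character */
    }
    return URL_OK;
}

int main(void) {
    /* The first two samples are the URLs quoted in this thread. */
    const char *samples[] = { "?foo=%D6%E5p%A1%A1%18", "/foo.php/test%A1",
                              "/foo.php/test" };
    for (size_t n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        int r = find_control_byte(samples[n]);
        if (r >= 0) printf("%s: control byte at offset %d\n", samples[n], r);
        else printf("%s: %s\n", samples[n], r == URL_OK ? "ok" : "malformed");
    }
    return 0;
}
```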
Claus Hansen
27 December 2008, 17:57
Hi Hugo,

Thanks a lot for such a quick reply, really appreciated. And it of course worked like a charm. I have one question regarding the SecureURL, if it's possible to disable it on just 1 file? I really like the secure features of your software, and feel it's a shame to disable them.

I also got another error with urlencoded data when using pathinfo. http://url.com/foo.php/test works, but http://url.com/foo.php/test%A1 returns 404. Any suggestions on what can cause this?

Best regards,
Claus
Hugo Leisink
29 December 2008, 09:57
The cause is a small bug. Has been fixed. Will be available in 6.11, which will be released today.
This topic has been closed.