URL 中的句点导致 ColdFusion 错误 [英] Periods in URL causes ColdFusion error

问题描述

我目前遇到用户(或机器人，不确定)访问子目录中包含三个句点的不存在链接的问题.

I am currently having issues with users (or bots, not sure) visiting non-existent links that have three periods in a sub-directory.

例如，如果有人去:

http://www.example.com/.../test/index.cfm?

然后我收到以下错误:

String index out of range: -1 null
The error occurred on line -1.

我只用 1 个句点和 2 个句点对其进行了测试，它直接出现 404 错误.任何具有 3 个或更多句点的链接都会导致此错误.

I have tested it with just 1 period and just 2 periods and it goes straight to a 404 error. Any link though that has 3 or more periods will cause this error.

我的问题是我能做些什么来阻止这种情况发生?我的想法是将它们发送到 404 错误页面或重定向它们.我怎么能这样做?

My question is what can I do to stop this from happening? My thoughts are to send them to a 404 error page or redirect them. How could I do that?

我在 Microsoft-IIS/7.0 上运行 ColdFusion 8.0.1.

I am running ColdFusion 8.0.1 on Microsoft-IIS/7.0.

从 Miguel-F 编辑

我在 IIS 7.5 上使用 ColdFusion 9.0.1 复制了这个问题，并且在 PCI 扫描期间也注意到了这个问题.

I have duplicated this issue with ColdFusion 9.0.1 on IIS 7.5 and also noticed it during PCI scans.

错误:

java.lang.StringIndexOutOfBoundsException

堆栈跟踪:

java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at
java.lang.AbstractStringBuilder.delete(Unknown Source) at 
java.lang.StringBuffer.delete(Unknown Source) at 
coldfusion.util.Utils.collapseDotDots(Utils.java:647) at 
coldfusion.util.Utils.canonicalizeURI(Utils.java:601) at 
coldfusion.filter.PathFilter.invoke(PathFilter.java:43) at 
coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at 
coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at
coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at 
coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at 
coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at 
coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at 
coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at 
coldfusion.CfmServlet.service(CfmServlet.java:201) at 
coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at 
jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at 
coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at
coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at 
jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at 
jrun.servlet.FilterChain.service(FilterChain.java:101) at 
jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at 
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at 
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at 
jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at 
jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at 
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at 
jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

推荐答案

既然你在 IIS 上，我想你可以使用 IIS URL rewrite 拦截并发送一个HTTP 400(错误请求)错误.

Since you are on IIS, I would think you could use IIS URL rewrite to intercept and send a HTTP 400 (bad request) Error.

它会在它到达 Coldfusion 之前捕获它.

That'll catch it before it gets to Coldfusion.

这篇关于URL 中的句点导致 ColdFusion 错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！