Rule 420006: Block use of HTML processor for anonymous users
Purpose
Blocks use of Trac's HTML processor by anonymous (that is, not authenticated) users in tickets, ticket comments and the wiki. This processor is frequently abused by spammers to post HTML links to their sites directly, while legitimate anonymous users rarely need it on most sites.
Looks for POST requests that carry no trac_auth cookie and contain the string "#!html" in the summary, description, comment or text form parameter.
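The check described above, written out as a small Python function that applies the same three conditions (POST to a protected handler, no trac_auth cookie, "#!html" in one of the inspected form parameters). This is an added example, not the ModSecurity rule itself; the handler prefix list and the sample request body are taken from the audit log on this page, and the decoding step mirrors ModSecurity matching against URL-decoded ARGS.

```python
import re
from urllib.parse import parse_qs

# Form parameters the rule inspects.
INSPECTED_ARGS = ("summary", "description", "comment", "text")
HTML_PROCESSOR_MARKER = "#!html"
# Handler prefixes, as matched at REQUEST_URI in the audit log.
PROTECTED_URI = re.compile(r"^/(wiki/|ticket/|newticket|simpleticket).*$")


def is_authenticated(cookie_header: str) -> bool:
    """Trac sets a trac_auth cookie once a user has logged in;
    like the rule, this only tests for the cookie's presence."""
    names = {part.split("=", 1)[0].strip()
             for part in (cookie_header or "").split(";")}
    return "trac_auth" in names


def html_processor_args(body: str) -> list:
    """Return the inspected parameters whose decoded value contains #!html.
    The body is URL-decoded first, so %23%21html is caught as well."""
    args = parse_qs(body, keep_blank_values=True)
    return [name for name in INSPECTED_ARGS
            if any(HTML_PROCESSOR_MARKER in v for v in args.get(name, []))]


def should_block(method: str, uri: str, cookie_header: str, body: str) -> bool:
    """Mirror rule 420006: anonymous POST to a protected handler with #!html."""
    if method.upper() != "POST" or not PROTECTED_URI.match(uri):
        return False
    if is_authenticated(cookie_header):
        return False
    return bool(html_processor_args(body))


# Request body from the audit log on this page (the spam comment).
SPAM_BODY = ("__FORM_TOKEN=8612c4b72d2b0fe89bb4f3da&author=anonymous"
             "&comment=%7B%7B%7B%0D%0A%23%21html%0D%0A%3Ca+href%3D%22http%3A%2F%2F"
             "domain.tld%2Fgames%2Fmoped%2Fmoped-scooter%2Findex.html%22%3EMoped"
             "%3C%2Fa%3E%0D%0A%7D%7D%7D&action=leave&ts=1160269872&replyto=&cnum=7")
ANON_COOKIES = "trac_form_token=8612c4b72d2b0fe89bb4f3da; trac_session=6c1ddf911d1bd72d14e55495"

if __name__ == "__main__":
    print(should_block("POST", "/ticket/771", ANON_COOKIES, SPAM_BODY))  # True
```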
Example
--0be87e3d-A--
[23/Apr/2007:15:16:08 +0200] eODqH6wQKoYAAHJ@BmsAAAAH XX.XX.XX.XX 2552 217.24.1.134 80
--0be87e3d-B--
POST /ticket/771 HTTP/1.1
Accept: */*
Referer: http://madwifi.org/ticket/771
Accept-Language: ru
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: madwifi.org
Content-Length: 261
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: trac_form_token=8612c4b72d2b0fe89bb4f3da; trac_session=6c1ddf911d1bd72d14e55495

--0be87e3d-C--
__FORM_TOKEN=8612c4b72d2b0fe89bb4f3da&author=anonymous&comment=%7B%7B%7B%0D%0A%23%21html%0D%0A%3Ca+href%3D%22http%3A%2F%2Fdomain.tld%2Fgames%2Fmoped%2Fmoped-scooter%2Findex.html%22%3EMoped%3C%2Fa%3E%0D%0A%7D%7D%7D&action=leave&ts=1160269872&replyto=&cnum=7

--0be87e3d-F--
HTTP/1.1 403 Forbidden
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

--0be87e3d-H--
Message: Warning. Pattern match "^/(wiki/|ticket/|newticket|simpleticket).*$" at REQUEST_URI. [id "420099"] [rev "1"] [msg "Suspicious Post"]
Message: Access denied with code 403 (phase 2). Pattern match "\\#\\!html" at ARGS:comment. [id "420006"] [rev "1"] [msg "HTML preprocessor disallowed for anonymous"]
Action: Intercepted (phase 2)
Stopwatch: 1177334168218143 61675 (1006* 1196 -)
Producer: ModSecurity v2.1.0 (Apache 2.x)
Server: Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_python/3.2.10 Python/2.4.4
WebApp-Info: "trac.madwifi" "-" "-"

--0be87e3d-Z--
Protected handlers
- newticket
- simpleticket
- ticket
- wiki
See also
- Spam type description: html processor spam
History
- rev:1
- Initial version.
