Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
LinkFreeze support forum
 Helicon Tech : LinkFreeze support forum
Subject Topic: Problem with this type of URL Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
Brown-Hornettt
Newbie
Newbie


Joined: 30 May 2007
Location: United States
Online Status: Offline
Posts: 26
Posted: 06 June 2007 at 10:10pm | IP Logged Quote Brown-Hornettt

I believe LinkFreeze has a problem with this type of URL

http://www.tryit-buyit.com//addpad.php?padurl=http://www.tryit-buyit.com/mypad.xml&padcat=Audio+%26amp%3B+Multimedia%3A%3AAudio+Encoders%2FDecoders

When I enable LinkFreeze (Latest Version) on my site http://www.tryit-buyit.com  With the following configuration

#################################################
# LinkFreeze Configuration file
# Version 2, 2, 0, 71


LogRewrite=False
NotifyOrder=HIGH


/  ~~~ .php  [Redirect]

The above link get's rewritten to this

http://www.tryit-buyit.com/addpad.htm~padurl~http://www.tryit-buyit.com/mypad.xml~padcat~Audio+%26amp%3B+Multimedia%3A%3AAudio+Encoders%2FDecoders

Which looks right but I only get a 404 ????????

Another problem is a flash calendar that I have on the site that disappears when ever LinkFreeze is enabled ??????? Below is the code that is included into the script in order to enable the calendar to Display / Function.......

<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="175" height="146" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="movie" value="calendar.swf?link=calendar-data.php&owner=phpjabbers.com" /><param name="quality" value="high" />
<param name="bgcolor" value="#EFFFFF" />
<embed src="calendar.swf?link=calendar-data.php&owner=phpjabbers.com" quality="high" bgcolor="#FFFFFF" width="175" height="146" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>

Could someone please HELP ME figureout how I can configure LinkFreeze in order to allow the above to problems to be solved !!!!

PLEASE NOTE:

                     The above URL(Original) is use to submitt a program to my directory..... So right now I have LinkFreeze DISABLED on my site until I can hopefully get it working the way I need it too.  This is also why the calendar is currently working.....
Back to Top View Brown-Hornettt's Profile Search for other posts by Brown-Hornettt Visit Brown-Hornettt's Homepage
 
Yaroslav
Moderator Group
Moderator Group


Joined: 15 August 2002
Online Status: Offline
Posts: 6466
Posted: 08 June 2007 at 4:49am | IP Logged Quote Yaroslav
This is because of unencoded // sequence in URL. In your first example this sequence was in query string, but after LinkFreeze it is moved to the directory path part of URL (from the point of view of IIS) and IIS block it as a directory traversal attack. You need to URLEncode all parameters if you wnat to use LinkFreeze. Actually it is a good practice to URLEncode all parameters even without LinkFreeze.

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top View Yaroslav's Profile Search for other posts by Yaroslav Visit Yaroslav's Homepage
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum