So I found a weird “quirk” related to my webhosting company this evening. In the entry about reaons it’s great to be a guy, the word c-u-r-l was included. This turns out to have triggered a nice “feature” my webhost has in place to maintain security.
If the post has “w-g-e-t” or “c-u-r-l” in it, then this was blocked by mod_security.
What is the w-g-e-t he is taking about?
GNU W-g-e-t is a free software program that implements simple and powerful content retrieval from web servers and is part of the GNU project. Its name is derived from World Wide Web and get, connotative of its primary function. It currently supports downloading via HTTP, HTTPS, and FTP protocols, the most popular TCP/IP-based protocols used for web browsing.
W-g-e-t’s features include recursive download, conversion of links for offline viewing of local HTML, support for proxies, and much more. It appeared in 1996, coinciding with the boom of popularity of the web, causing its wide use among Unix users and distribution with all major Linux distributions. Written in portable C, W-g-e-t can be easily installed on any Unix-like system and has been ported to diverse environments, including Mac OS X, Microsoft Windows, and OpenVMS.
And What is the c-u-r-l he is taking about?
PHP supports libc-u-r-l, a library created by Daniel Stenberg, that allows you to connect and communicate to many different types of servers with many different types of protocols. libc-u-r-l currently supports the http, https, ftp, gopher, telnet, dict, file, and ldap protocols. libc-u-r-l also supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading (this can also be done with PHP’s ftp extension), HTTP form based upload, proxies, cookies, and user+password authentication.
Lastly, what is mod_security?
Running public web applications may seem like playing Russian roulette. Although achieving robust security on the Web is possible in theory, there’s always a weak link in real life. It only takes one slip of the code to allow attackers unrestricted access to your data. If you have a public web application of modest complexity running, chances are good that is has some kind of security problem. Take this URL for example:
If your application is vulnerable to SQL injection, invoking the URL above may very well delete all user data from your application. Do you make regular database backups?
So basically mod_security checks everything going through the webserver to make sure it isn’t outputting these designated danger words/phrases that could unintentionally (or intentionally) lead to information being disclosed that one did not intent to have public. I don’t know about you…but I learned several things tonight.