Symlinks Causing Recursive Tight Loops

  • Resolved badrobot

    (@cyouse)


    8 years ago

    Wild card SSL is implemented using 2 symlinks. One is www and the other is the same as the 2nd level domain name. The 2nd level domain name symlink causes the scan to loop recursively even when it is placed in the file filter list. The www symlink does not. This is a serious issue that renders the duplicator plugin unusable by anyone who has wild card SSL because the symlinks are the smoke and mirrors that allow users to enter all variations of the url with and without www using either http, https or neither and be redirected to the site.

    As it stands now I am unable to use the duplicator because of this issue because it is imperative that site be accessible and redirected to the secure connection for all possible combinations of requests where the default www 3rd level domain is left blank and not specified. Examples:

    2ndleveldomain.org
    https://2ndleveldomain.org
    https://2ndleveldomain.org

    Each of these cases must be capable of redirecting seamlessly to https://www.2ndleveldomain.org. In a wildcard SSL situation this is accomplished, in this example, by having a www symlink and a symlink named 2ndleveldomain.

    Now more than ever it is important for sites to be secured as much as possible. This means implementing SSL. And this, in turn, means using wildcard SSL in situations where sub-domains will be used. I urge you to prioritize this issue and at least get the scan to bypass the 2nd level domain symlink if it is placed in the file filter list.

    • This topic was modified 8 years ago by badrobot.
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Symlinks Causing Recursive Tight Loops’ is closed to new replies.

Tags