[wp-trac] [WordPress Trac] #3067: WP sends incomplete GET request prior to executing pings.
WordPress Trac
wp-trac at lists.automattic.com
Thu Aug 24 21:45:47 GMT 2006
#3067: WP sends incomplete GET request prior to executing pings.
----------------------+-----------------------------------------------------
 Reporter:  theshaft  |       Owner:  anonymous
     Type:  defect    |      Status:  new
 Priority:  normal    |   Milestone:
Component:  XML-RPC   |     Version:  2.0.4
 Severity:  normal    |    Keywords:  pingback, user-agent
----------------------+-----------------------------------------------------
If WP is set to send pingbacks and a new post contains URLs to some other
blog posts, WordPress, prior to sending the pingbacks (execute-pings.php),
sends GET requests to the other blogs so as to determine if these URLs are
valid. In these GET requests, the User-Agent header is set to nothing,
instead of being set to "WordPress X.X.X" or whatever.

This becomes a problem when the web server on either end rejects requests
that do not include a valid User-Agent header. For example, if such
requests are rejected with either mod_rewrite or mod_security, then pingbacks
are never sent or received.

How to reproduce:

Both of these methods are very common in order to avoid badly written bots
or whatever.
'''- 1 -''' with mod_rewrite:
set this rewrite rule and try to send a pingback:
{{{
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^.*$ - [F]
}}}
'''- 2 -''' with mod_security:
set these rules and try to send a pingback:
{{{
SecFilterScanPOST On
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^text/xml)"
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
}}}
'''Expected results:'''
The pingback should be sent from blogA and received by blogB
'''Actual Results:'''
The pingback never reaches the other end.
--
Ticket URL: <http://trac.wordpress.org/ticket/3067>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
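
Added example, not part of the original ticket and not WordPress or Apache code: a small Python model of the two rule sets quoted in the ticket, run over constructed requests, showing that the pre-ping GET with an empty User-Agent is rejected while the same request with the header filled in passes. The request bytes, paths and the host name blogb.example are constructed for illustration, and an absent header is treated as the empty string, which is how `^$` behaves in both rule sets.

```python
import re

# Constructed sample requests (not captured traffic): the pre-ping GET as the
# ticket describes it, the same GET with a User-Agent, and a pingback POST.
GET_EMPTY_UA = (b"GET /2006/08/some-post/ HTTP/1.0\r\n"
                b"Host: blogb.example\r\nUser-Agent: \r\n\r\n")
GET_WITH_UA = (b"GET /2006/08/some-post/ HTTP/1.0\r\n"
               b"Host: blogb.example\r\nUser-Agent: WordPress/2.0.4\r\n\r\n")
PINGBACK_POST = (b"POST /xmlrpc.php HTTP/1.0\r\nHost: blogb.example\r\n"
                 b"User-Agent: WordPress/2.0.4\r\nContent-Type: text/xml\r\n\r\n")

def parse_request(raw):
    """Return (method, headers) with header names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line.split(" ")[0], headers

def mod_rewrite_status(raw):
    """Model of: RewriteCond %{HTTP_USER_AGENT} ^$  /  RewriteRule ^.*$ - [F]"""
    _, headers = parse_request(raw)
    # An absent header expands to the empty string, so ^$ matches it too.
    return 403 if re.search(r"^$", headers.get("user-agent", "")) else 200

def mod_security_denied(raw):
    """Model of the three SecFilterSelective rules; True if the request is denied."""
    method, headers = parse_request(raw)
    ctype = headers.get("content-type", "")
    allowed = r"(^$|^application/x-www-form-urlencoded|^multipart/form-data|^text/xml)"
    # Chained pair: fires only if the method is not GET AND the type is unlisted.
    chained = (not re.search(r"^GET$", method)) and (not re.search(allowed, ctype))
    # Stand-alone rule: User-Agent or Host missing or empty.
    empty = any(re.search(r"^$", headers.get(h, "")) for h in ("user-agent", "host"))
    return chained or empty

if __name__ == "__main__":
    for label, raw in (("GET, empty UA", GET_EMPTY_UA), ("GET, with UA", GET_WITH_UA),
                       ("pingback POST", PINGBACK_POST)):
        print(label, mod_rewrite_status(raw), mod_security_denied(raw))
```
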