[Ach] Recommendations creating CSRs
Hanno Böck
hanno at hboeck.de
Wed Oct 15 18:38:04 CEST 2014
On Tue, 14 Oct 2014 22:12:06 +0200,
"A. Schulze" <sca at andreasschulze.de> wrote:
> Also, are you willing to share https://hboeck.de/hkp.php
> or are there reference implementations?
Sure, it's just not very exciting :-) See below.
I have something similar for CSP, I may unify them and create something
releaseworthy.
I already get a bunch of malformed requests to this. This is kinda
interesting, I don't know why they happen, seems some people
investigate header information for URLs and check what they find there.
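<?php
// Report endpoint: mails the details of each incoming report.
$csp_to = "some at mailadress";

$csp_info = "Host: ".$_SERVER['HTTP_HOST']."\n";
$csp_info .= "Request URI: ".$_SERVER['REQUEST_URI']."\n";
// Referer and User-Agent are optional request headers, so check before use.
$referer = array_key_exists('HTTP_REFERER', $_SERVER) ? $_SERVER['HTTP_REFERER'] : '';
if ( $referer !== '' ) {
    $csp_info .= "Referrer: ".$referer."\n";
}
$csp_info .= "Remote IP: ".$_SERVER['REMOTE_ADDR']."\n";
if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
    $csp_info .= "User agent: ".$_SERVER['HTTP_USER_AGENT']."\n";
}
$csp_info .= "CSP JSON POST data:\n\n";
$csp_info .= str_replace( ",", ",\n", file_get_contents('php://input') );

// The Referer is client-controlled and goes into a mail header: strip CR/LF.
$subject = "HKP Warning: Possible XSS on ".str_replace( array("\r", "\n"), '', $referer );
mail($csp_to, $subject, $csp_info);
echo "ok";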
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42