: URL requests with [object] in place of parameter values We're seeing requests to our server with the literal [object] replacing the values where parameters should be. For example: http://example.com/users/[object].
We're seeing requests to our server with the literal [object] replacing the values where parameters should be. For example: example.com/users/[object].
I've found some suggestions that it might be something to do with IE9 but we can't quite nail it down. See this.
Has anyone else seen this behaviour? Have you managed to nail down what the problem is?
More posts by @Yeniel560
2 Comments
Sorted by latest first Latest Oldest Best
Its very possible that a piece of buggy Javascript code with ajax functionality in it is making requests to example.com/users/[object] instead of example.com/users/wanteditem. If your webpages contain Javascript, try to make the page function without javascript and then you can rule out Javascript.
Also, check your server logs and you should at least find an IP address next to the line that shows [object]. Also look for the referrer field in the log (which is likely the last entry in apache logs) as well as the time the request happened. If there are multiple requests for [object] where the time between each is less than a few seconds apart, then chances are, someone or something may be trying to find a vulnerability in your server. A cure would be to block the offending IP address.
Another thing you can do is use mod_rewrite to filter URLs if your server is apache and you have sufficient access to .htaccess files. By this, I mean you can make it so that if URL's contain strange characters, you can make the server show an page with an HTTP status of 410 (aka GONE). This has the advantage of telling any search engine (particularly Google) that may have such screwed up URLs indexed to stop indexing them.
The URL's you see in your log files are probably generated by a JavaScript coming from an old Internet Explorer.
In a modern browser, in JavaScript, if you convert an object to a string and if the Object.prototype.toString() is no not overwritten you obtain:
[object Object]
But in old version of Internet Explorer like IE8 you just obtain:
[object]
So the URL's you see are probably coming from buggy scripts running in old Internet Explorer.
P.S.: As Google search engine removes all special characters like [ and ], I use the SymbolHound search engine to find the answer to this question.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.