Closed bohungi closed 2 years ago
It seems like too much information is revealed if someone follows a URL such as
https://emath.math.ualberta.ca/garbage
The system then responds with what I copied below. It may give hackers more information about the inner workings of eMath than what we would like to reveal. Instead, can we use something generic like:
---- System response to an invalid URL ---
Using the URLconf defined in eMath.urls, Django tried these URL patterns, in this order:
^uploadNewCommand/(?P.+)/$
^uploadTex/(?P.+)/$
^newCommandUpdate/(?P.+)/$
^api-token-auth/
^current-user/
^user-person/
^user-auth/
author/
signup/
view///
authoring//
setup//
^getToc/$ [name='TOC-list']
^getToc.(?P[a-z0-9]+)/?$ [name='TOC-list']
^getToc/(?P[^/.]+)/$ [name='TOC-detail']
^getToc/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='TOC-detail']
^root/$ [name='Roots-list']
^root.(?P[a-z0-9]+)/?$ [name='Roots-list']
^root/(?P[^/.]+)/$ [name='Roots-detail']
^root/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='Roots-detail']
^content/$ [name='Content-list']
^content.(?P[a-z0-9]+)/?$ [name='Content-list']
^content/(?P[^/.]+)/$ [name='Content-detail']
^content/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='Content-detail']
^para/$ [name='Para-list']
^para.(?P[a-z0-9]+)/?$ [name='Para-list']
^para/(?P[^/.]+)/$ [name='Para-detail']
^para/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='Para-detail']
^Level/$ [name='Level-list']
^Level.(?P[a-z0-9]+)/?$ [name='Level-list']
^Level/(?P[^/.]+)/$ [name='Level-detail']
^Level/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='Level-detail']
^book/$ [name='RootLevels-list']
^book.(?P[a-z0-9]+)/?$ [name='RootLevels-list']
^book/(?P[^/.]+)/$ [name='RootLevels-detail']
^book/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='RootLevels-detail']
^nextLevel/$ [name='NextLevel-list']
^nextLevel.(?P[a-z0-9]+)/?$ [name='NextLevel-list']
^nextLevel/(?P[^/.]+)/$ [name='NextLevel-detail']
^nextLevel/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='NextLevel-detail']
^indexItem/$ [name='IndexItem-list']
^indexItem.(?P[a-z0-9]+)/?$ [name='IndexItem-list']
^indexItem/(?P[^/.]+)/$ [name='IndexItem-detail']
^indexItem/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='IndexItem-detail']
^newCommand/$ [name='newCommand-list']
^newCommand.(?P[a-z0-9]+)/?$ [name='newCommand-list']
^newCommand/(?P[^/.]+)/$ [name='newCommand-detail']
^newCommand/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='newCommand-detail']
^texShortcut/$ [name='texShortcut-list']
^texShortcut.(?P[a-z0-9]+)/?$ [name='texShortcut-list']
^texShortcut/(?P[^/.]+)/$ [name='texShortcut-detail']
^texShortcut/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='texShortcut-detail']
^newCommandUpdate/$ [name='newCommandUpdate-list']
^newCommandUpdate.(?P[a-z0-9]+)/?$ [name='newCommandUpdate-list']
^newCommandUpdate/(?P[^/.]+)/$ [name='newCommandUpdate-detail']
^newCommandUpdate/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='newCommandUpdate-detail']
^label/$ [name='Label-list']
^label.(?P[a-z0-9]+)/?$ [name='Label-list']
^label/(?P[^/.]+)/$ [name='Label-detail']
^label/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='Label-detail']
^getLabel/$ [name='getLabel-list']
^getLabel.(?P[a-z0-9]+)/?$ [name='getLabel-list']
^getLabel/(?P[^/.]+)/$ [name='getLabel-detail']
^getLabel/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='getLabel-detail']
^person/$ [name='Person-list']
^person.(?P[a-z0-9]+)/?$ [name='Person-list']
^person/(?P[^/.]+)/$ [name='Person-detail']
^person/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='Person-detail']
^usermod/$ [name='Usermod-list']
^usermod.(?P[a-z0-9]+)/?$ [name='Usermod-list']
^usermod/(?P[^/.]+)/$ [name='Usermod-detail']
^usermod/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='Usermod-detail']
^user/$ [name='User-list']
^user.(?P[a-z0-9]+)/?$ [name='User-list']
^user/(?P[^/.]+)/$ [name='User-detail']
^user/(?P[^/.]+).(?P[a-z0-9]+)/?$ [name='User-detail']
^$ [name='api-root']
^.(?P[a-z0-9]+)/?$ [name='api-root']
admin/
^js/(?P.*)$
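Django renders the listing above only while `DEBUG` is `True` in the project's settings. The check below is an added example, not part of the original report or of eMath's code: it takes the body of a 404 response and reports whether it discloses the URLconf. The function name and both sample bodies are constructed for illustration.

```python
import html
import re

# Text that appears only on Django's debug ("technical") 404 page.
DEBUG_404_MARKER = "Django tried these URL patterns"
URLCONF_RE = re.compile(r"Using the URLconf defined in\s+([\w.]+)")
NAME_RE = re.compile(r"\s*\[name='([^']*)'\]\s*$")  # optional route name suffix
TAG_RE = re.compile(r"<[^>]+>")                      # crude HTML tag stripper


def audit_404_body(body):
    """Report what a 404 response body reveals about the URL configuration."""
    text = html.unescape(TAG_RE.sub("", body))
    report = {"leaks_urlconf": False, "urlconf": None, "routes": []}
    if DEBUG_404_MARKER not in text:
        return report  # generic error page: nothing disclosed
    report["leaks_urlconf"] = True
    match = URLCONF_RE.search(text)
    if match:
        report["urlconf"] = match.group(1)
    # Everything after the marker line is the list of route patterns.
    listing = text.split(DEBUG_404_MARKER, 1)[1]
    for line in listing.splitlines()[1:]:
        line = line.strip()
        if line.startswith("The current "):  # trailer that follows the list
            break
        if not line:
            continue
        name = NAME_RE.search(line)
        report["routes"].append((NAME_RE.sub("", line), name.group(1) if name else None))
    return report


# Constructed sample: a shortened copy of the response quoted in this issue.
SAMPLE_DEBUG_404 = """Using the URLconf defined in eMath.urls, Django tried these URL patterns, in this order:
^api-token-auth/
^getToc/$ [name='TOC-list']
^getToc/(?P[^/.]+)/$ [name='TOC-detail']
admin/
The current path, garbage, didn't match any of these.
"""
# Constructed sample: the kind of generic body served when DEBUG is False.
SAMPLE_GENERIC_404 = "<h1>Not Found</h1><p>The requested resource was not found on this server.</p>"

if __name__ == "__main__":
    for label, body in (("debug", SAMPLE_DEBUG_404), ("generic", SAMPLE_GENERIC_404)):
        print(label, audit_404_body(body))
```

Run it against the body returned for a deliberately invalid URL after each deployment. With `DEBUG = False` in the settings module, Django serves a generic Not Found page and `leaks_urlconf` comes back `False`.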