Author Topic: web beacon found within stylesheet linkTag  (Read 2608 times)


  • Newbie
  • *
  • Posts: 38
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
web beacon found within stylesheet linkTag
« on: May 22, 2002, 07:17:14 AM »
--- (in the Yahoo!Prox-list forum) Michael B?rschgens wrote:
> I've found the following line in a webpage:
> <link rel=stylesheet type="text/css"
> href="">
> Since I've never seen this before I think it is a new idea to slip
> through filters.

--- my reply:

Yep, it's definitely a web beacon ~~ calling that URL returned
a zero-length text/html content-typed document.

Here's the counteracting webfilter I propose:

Name = "strip web beacons posing as stylesheets"
Active = TRUE
Bounds = "<links*>
Limit = 512
Match = "*rel=$AV(stylesheet)*&"

Here's my rationale:

~~ 512byte limit because the LINK tag may be padded with with several

~~ path to a valid CSS should never have a questionMark or equalSign
(I've seen valid stylesheets returned with commas in the path, FWIW)

~~ the file extension patterns might seem "obvious" but if they're
not explicitly stated, "href=pathname/MuckUp.css.cgi" could slip by

~~ Although dot-css is the convention, I continually encounter a lot
of dot-txt -named stylesheets

Discussion invited:
Should the filter also include (look for) .asp and other executables?
I think accounting for the common script extensions is enough ~~
because, eventually... some dastardly weenie will just
serve all his stylesheets from a webserver which has configured so that ".css" files are associated with (handled by) perl and are executable. The script will transparently count ya & will return the (a) valid stylesheet.




  • Administrator
  • Hero Member
  • *****
  • Posts: 778
    • ICQ Messenger - 1448105
    • AOL Instant Messenger - aflaaten
    • Yahoo Instant Messenger - arneflaa
    • View Profile
    • http://
    • Email
web beacon found within stylesheet linkTag
« Reply #1 on: May 22, 2002, 09:25:09 AM »
This is very nice. I only get it to work when I remove the backslash in red though:

Match = "*rel=$AV(stylesheet)*&"

Thanks for this filter!

Best wishes
Imici username: Arne
Best wishes
Imici username= Arne