From 9ed7f28ba62fe0686979674faa54ec2cb96f70af Mon Sep 17 00:00:00 2001
From: bashrc
Date: Sun, 5 Apr 2026 17:18:25 +0100
Subject: [PATCH] Check for bad cookies
---
 httpheaders.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/httpheaders.py b/httpheaders.py
index a539cc560..0a3b68a19 100644
--- a/httpheaders.py
+++ b/httpheaders.py
@@ -275,8 +275,17 @@ def contains_suspicious_headers(headers: {}) -> bool:
 'think-lang' in headers or \
 'Think-lang' in headers:
 return True
+
 headers_str = str(headers)
 sus_strings = ('../../', '.php/', 'index.php', 'passwd=', 'PHPSESSID')
 if string_contains(headers_str, sus_strings):
 return True
+
+ # check for bad cookies
+ if 'Cookie:' in headers_str:
+ cookie_str = headers_str.split('Cookie:')[1]
+ if '=' in cookie_str:
+ cookie_name = cookie_str.split('=')[0].strip()
+ if cookie_name != 'epicyon':
+ return True
 return False
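Review bot: The added cookie check matches the literal `'Cookie:'` in `str(headers)` and then takes `headers_str.split('Cookie:')[1]`, which runs to the end of the whole header text rather than the end of the Cookie line. Assuming `str(headers)` keeps header names as the client sent them, a differently cased name is never inspected, and when the Cookie value has no `=` the first `=` in some later header decides `cookie_name`, so the request is flagged for an unrelated header. Only the first cookie name is compared with `epicyon`; any further pairs after `;` are not examined. Reading the value through the header mapping and checking each pair is more reliable, but this assumes `headers` is the request handler's message object with case-insensitive lookup; a plain dict would need its keys normalised first. The function starts above this hunk, so the actual type of `headers` is not visible here.

```python
    # … unchanged: think-lang and sus_strings checks …

    # check for bad cookies
    cookie_value = headers.get('Cookie')
    if cookie_value:
        for cookie_pair in cookie_value.split(';'):
            if '=' not in cookie_pair:
                continue
            cookie_name = cookie_pair.split('=')[0].strip()
            if cookie_name != 'epicyon':
                return True
    return False
```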