Find the answer to your Linux question:
Results 1 to 4 of 4
Let's say there's some kind of exploit that involves an HTTP query made against a certain script. For argument sake, /badscript.php On a server with a lot of VirtualHosts, is ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Banned
    Join Date
    Dec 2002
    Location
    Texas
    Posts
    242

    Block HTTP query globally in Apache


    Let's say there's some kind of exploit that involves an HTTP query
    made against a certain script. For argument sake, /badscript.php

    On a server with a lot of VirtualHosts, is there any way to globally
    block any/all "/badscript.php" requests across all of the websites?

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,377
    I believe not, because directly after the http connection is opened,
    apache decides on the virtualhost based on the query and therefore the config there counts.

    Two ways,
    1) inject something like
    Code:
    RewriteEngine on
    RewriteRule ^/badscript.php - [F]
    in your apache config in each virtual host via e.g. sed

    2) why not just delete badscript.php?
    Code:
    find /<PATH_TO_YOUR_DOCROOTS> -type f -name "badscript.php" -delete
    You must always face the curtain with a bow.

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,377
    3) try to block only the malicious query string via an appropiate RewriteCond/RewriteRule
    Needless to say, this is not encouraged from a technical point of view.
    (So be careful not to mention it to business )
    You must always face the curtain with a bow.

  4. #4
    Just Joined!
    Join Date
    Oct 2010
    Posts
    10
    Quote Originally Posted by thehemi View Post
    Let's say there's some kind of exploit that involves an HTTP query
    made against a certain script. For argument sake, /badscript.php

    On a server with a lot of VirtualHosts, is there any way to globally
    block any/all "/badscript.php" requests across all of the websites?
    This is only 15 minute solution, what if there is /badscript4.php etc.? Just delete it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •