Results 1 to 4 of 4
Let's say there's some kind of exploit that involves an HTTP query made against a certain script. For argument sake, /badscript.php On a server with a lot of VirtualHosts, is ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 10-14-2010 #1
- Join Date
- Dec 2002
Block HTTP query globally in Apache
made against a certain script. For argument sake, /badscript.php
On a server with a lot of VirtualHosts, is there any way to globally
block any/all "/badscript.php" requests across all of the websites?
- 10-14-2010 #2
I believe not, because directly after the http connection is opened,
apache decides on the virtualhost based on the query and therefore the config there counts.
1) inject something like
RewriteEngine on RewriteRule ^/badscript.php - [F]
2) why not just delete badscript.php?
find /<PATH_TO_YOUR_DOCROOTS> -type f -name "badscript.php" -deleteYou must always face the curtain with a bow.
- 10-14-2010 #3
3) try to block only the malicious query string via an appropiate RewriteCond/RewriteRule
Needless to say, this is not encouraged from a technical point of view.
(So be careful not to mention it to business )You must always face the curtain with a bow.
- 10-14-2010 #4
- Join Date
- Oct 2010