Printable View
Let's say there's some kind of exploit that involves an HTTP query
made against a certain script. For argument sake, /badscript.php
On a server with a lot of VirtualHosts, is there any way to globally
block any/all "/badscript.php" requests across all of the websites?
I believe not, because directly after the http connection is opened,
apache decides on the virtualhost based on the query and therefore the config there counts.
Two ways,
1) inject something like
in your apache config in each virtual host via e.g. sedCode:RewriteEngine on
RewriteRule ^/badscript.php - [F]
2) why not just delete badscript.php?
Code:find /<PATH_TO_YOUR_DOCROOTS> -type f -name "badscript.php" -delete
3) try to block only the malicious query string via an appropiate RewriteCond/RewriteRule
Needless to say, this is not encouraged from a technical point of view.
(So be careful not to mention it to business ;) )
This is only 15 minute solution, what if there is /badscript4.php etc.? Just delete it.Quote:
Originally Posted by thehemi