[PHP] Apache blocking certain requests instead of php


Post by per » Fri, 25 Jul 2008 01:31:04



2 x yes. I think you could probably use <LocationMatch> and ban all
access with "Deny from all".


/Per Jessen, Zürich
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by list » Fri, 25 Jul 2008 06:06:04


Yes, in Apache turn off userdir access

In your httpd.conf file do this.

UserDir disabled

That way it will not process URLs that start with a tilde ~...

That should take care of it. Apache should then only report a 404 error to
the error log for the given virtual host.

--
Jim Lucas

"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare

 
 
 

[PHP] Apache blocking certain requests instead of php

Post by akuh » Fri, 25 Jul 2008 16:04:54

> I'm getting a lot of bogus requests in the form of

Yes, in Apache turn off userdir access
In your httpd.conf file do this.
UserDir disabled
That way it will not process URLs that start with a tilde ~...
That should take care of it. Apache should then only report a 404 error to
the error log for the given virtual host.

Most of the requests though look more like
http://www.yqcomputer.com/ ://calebsbirth.pisem.su/caleb.htm?
without the tilde.

I was hoping there's a way to tell apache to block requests where
id=non_numeric.

Cheers
Arno
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by dmagic » Fri, 25 Jul 2008 16:14:55


It's trying to do a remote inclusion.

It's easy for you to fix in php:

// Stop the script when an id is supplied but is not numeric.
if (isset($_GET['id'])) {
    if (!is_numeric($_GET['id'])) {
        die("Die hacker die!");
    }
}

I'm sure there would be a way to do it with ModRewrite or something but
it's 5 lines of code in php so I'd do it there *shrug*.

--
Postgresql & php tutorials
http://www.yqcomputer.com/
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by borg » Fri, 25 Jul 2008 16:19:37


That's sudden! ;)




--
---
Børge Holen
http://www.yqcomputer.com/
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by akuh » Fri, 25 Jul 2008 16:31:56

> Is there a

2 x yes. I think you could probably use <LocationMatch> and ban all access
with "Deny from all".

/Per Jessen, Zürich

Thanks for replying Per. Isn't "Deny from all" more to do with apache
accessing local files on my server? These images aren't on my server, and
the requests aren't trying to access images on my server. What I see are
requests using the php script on my server to try access an image file (or
html or txt or php) on someone else's server. I was hoping there's a way to
tell apache to block requests where id=non_numeric.

Cheers
Arno
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by akuh » Fri, 25 Jul 2008 16:35:21

> I was hoping there's a way to tell apache to block requests where

It's trying to do a remote inclusion.

It's easy for you to fix in php:

// Stop the script when an id is supplied but is not numeric.
if (isset($_GET['id'])) {
    if (!is_numeric($_GET['id'])) {
        die("Die hacker die!");
    }
}

I'm sure there would be a way to do it with ModRewrite or something but it's
5 lines of code in php so I'd do it there *shrug*.

Cheers
Arno
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by dmagic » Fri, 25 Jul 2008 16:38:57


ok maybe a bit harsh :P

stop hacker stop ?

;)

--
Postgresql & php tutorials
http://www.yqcomputer.com/
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by dmagic » Fri, 25 Jul 2008 16:39:54

> Thanks, I'm already doing something like that, but I want to stop it getting

http://www.yqcomputer.com/

Ask on an apache list how to use it.

--
Postgresql & php tutorials
http://www.yqcomputer.com/
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by borg » Fri, 25 Jul 2008 16:57:30


I prefer die("");
It leaves a bit of dissatisfaction for whoever generates the blank page.





--
---
Børge Holen
http://www.yqcomputer.com/
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by akuh » Fri, 25 Jul 2008 17:53:58

Hi Arno

No, when you use <Location> it's not filesystem specific any more. But I've
just found out that you can't match on the query-string.


I think you'll have to use URL rewriting.

Try this:

http://www.yqcomputer.com/

That should give you a 403.

http://www.yqcomputer.com/

Should give you a print_r() output.

This is the rewrite config:

RewriteEngine on
RewriteCond %{QUERY_STRING} id=[^0-9]+
RewriteRule (/arnokuhl.*) $1 [f]

HTH
Per
------------------------

Many thanks for all your effort and help Per. That's exactly what I was
trying to achieve.

Cheers
Arno
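
Which query strings the RewriteCond pattern posted above returns a 403 for, as an added example that is not part of the thread. Python's re module stands in for Apache's regex matching; the STRICT pattern, the helper names and the sample query strings are assumptions constructed for illustration.

```python
import re

# Pattern copied from the RewriteCond in the thread (unanchored).
POSTED = re.compile(r"id=[^0-9]+")

# Assumed stricter alternative (not from the thread): locate "id" at a
# parameter boundary and flag it unless its entire value is digits.
STRICT = re.compile(r"(?:^|&)id=(?![0-9]+(?:&|$))")


def blocked(pattern, query_string):
    """Mimic RewriteCond: unanchored regex search over the raw query string."""
    return pattern.search(query_string) is not None


# Constructed sample query strings (not taken from real logs).
SAMPLES = [
    "id=42",                            # plain numeric id
    "id=42&page=2",                     # numeric id plus another parameter
    "id=http://example.invalid/x.txt",  # the remote-inclusion shape in the thread
    "id=7abc",                          # digits followed by other characters
    "id=",                              # empty value
    "page=2&id=abc",                    # id is not the first parameter
    "grid=abc&id=5",                    # another parameter name ending in "id"
]


def compare(samples=SAMPLES):
    """Return {query_string: (blocked_by_posted, blocked_by_strict)}."""
    return {qs: (blocked(POSTED, qs), blocked(STRICT, qs)) for qs in samples}


if __name__ == "__main__":
    for qs, (posted, strict) in compare().items():
        print(f"{qs:34} posted={'403' if posted else 'pass'}  "
              f"strict={'403' if strict else 'pass'}")
```

The posted pattern only inspects the first character after "id=" and also matches inside longer parameter names, so the numeric check in the PHP script is still needed behind it.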
 
 
 

[PHP] Apache blocking certain requests instead of php

Post by per » Fri, 25 Jul 2008 19:08:29


See my reply to Arno - in Apache it's only 2 lines of config. :-)


/Per Jessen, Zürich