RewriteEngine

Good Morning.

We have a bunch of WordPress sites.
We also have a requirement to be scanned by Nessus and AppScan.
This drives the caching on WordPress nuts.

I have been able to significantly reduce this with a RewriteRule.

RewriteEngine on
RewriteRule .*\.(dll|ini|exe|com)$ - [R=404,NC]
RewriteRule .*(etc\/passwd)$ - [R=404,NC]


It has helped a lot.

However...
RewriteRule *(\/..\/..\/..\/..\/)* - [R=404,NC]
RewriteRule *(\\...\\...\\...\\)* - [R=404,NC]


Has Not.

(from the access log)
XXX.XXX.XXX.XXX - - [27/Jan/2014:21:49:32 -0500] "GET /search?NS-query-pat=../../../../../../../../../etc/passwd HTTP/1.1" 500 - "-" "Mozilla/4.0 (compatible"

XXX.XXX.XXX.XXX - - [27/Jan/2014:20:40:45 -0500] "GET /...\\...\\...\\...\\...\\...\\...\\...\\...\\windows\\win.ini HTTP/1.1" 404 249 "-" "Mozilla/4.0 (compatible"

I have been stymied by creating a regex to catch the attempts at directory recursion.

It cannot be that hard.
What am I missing?

Thank you

eric
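
One way to match both logged requests, added here as an example and not part of the original post or any reply to it: test the raw request line instead of the RewriteRule pattern, which never sees the query string where the first request carries its "../" run. It assumes Apache 2.4 with mod_rewrite (PCRE); the two-segment threshold and the list of encoded forms are choices made for this example.

```apache
RewriteEngine on

# Why the two rules in the post cannot work as written:
#  - A pattern that begins with "*" has nothing to repeat, so it is not a
#    valid regular expression.
#  - A RewriteRule pattern is matched against the URL-path only. In
#    "GET /search?NS-query-pat=../../..." the traversal is in the query
#    string, which the pattern never sees.
#
# %{THE_REQUEST} is the full request line as the client sent it
# ("GET /path?query HTTP/1.1"), not unescaped, so one condition covers the
# path and the query string, and percent-encoded forms have to be listed.
#
#   (?:\.|%2e){2,3}       ".." or "..." (the second log line uses three dots)
#   (?:[/\x5c]|%2f|%5c)+  "/" or "\" (\x5c is a backslash), literal or encoded
#   {2,}                  at least two such segments in a row
RewriteCond %{THE_REQUEST} (?:(?:\.|%2e){2,3}(?:[/\x5c]|%2f|%5c)+){2,} [NC]
RewriteRule ^ - [R=404,L]

# The working rules from the post, kept as they are.
RewriteRule .*\.(dll|ini|exe|com)$ - [R=404,NC]
RewriteRule .*(etc\/passwd)$ - [R=404,NC]
```

The access log writes each backslash as "\\", so the second request was actually sent with single backslashes, which is what the condition tests for.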
