On 1/28/2014 10:09 AM, Eric K. Dickinson wrote:
> Good Morning.
>
> We have a bunch of WordPress sites. We also have a requirement to be scanned by Nessus and AppScan. This drives the caching on WordPress nuts. I have been able to significantly reduce this with a ReWriteRule.
>
> RewriteEngine on
> RewriteRule .*\.(dll|ini|exe|com)$ - [R=404,NC]
> RewriteRule .*(etc\/passwd)$ - [R=404,NC]
>
> It has helped a lot. However...
>
> RewriteRule *(\/..\/..\/..\/..\/)* - [R=404,NC]
> RewriteRule *(\\...\\...\\...\\)* - [R=404,NC]
>
> Has Not.

It looks like there are a couple of problems. In a regex, * means match zero or more of the previous character. So beginning with a * is a regex error. Also, since your pattern is in a capture group followed by a *, it says to match zero or more of the entire pattern. Since a "." matches any character, we'll quote the "." characters in the regex to exactly match the "." characters. Try something like this:

RewriteRule .*\.\.\/\.\.\/\.\.\/\.\..* - [R=404]
RewriteRule .*\.\.\.\\\.\.\.\\\.\.\.\\\.\.\..* - [R=404]

The second problem is that sometimes what you're trying to match is in the query string, which the pattern matching in a RewriteRule doesn't look at. Instead, add a RewriteCond that looks at the query string:

RewriteCond %{QUERY_STRING} .*\.\.\/\.\.\/\.\.\/\.\..*
RewriteRule .* - [R=404]
RewriteCond %{QUERY_STRING} .*\.\.\.\\\.\.\.\\\.\.\.\\\.\.\..*
RewriteRule .* - [R=404]

Hope that helps,
Michael S
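
The two points in the reply above, checked offline in Python; this is an added example, not part of the original thread. It assumes Python's re behaves like Apache's PCRE for these patterns, that a RewriteRule sees only the decoded URL path while %{QUERY_STRING} holds the raw query string, and it does not model Apache's own path normalization; the function names and sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Patterns copied from the thread. Python's re stands in for Apache's PCRE
# (assumption); both reject a quantifier with nothing in front of it.
BROKEN = [r"*(\/..\/..\/..\/..\/)*", r"*(\\...\\...\\...\\)*"]
FIXED = [r".*\.\.\/\.\.\/\.\.\/\.\..*",
         r".*\.\.\.\\\.\.\.\\\.\.\.\\\.\.\..*"]

def compiles(pattern):
    """Return True if the regex engine accepts the pattern."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False

def verdict(url, use_query_cond):
    """Simplified model of the rules: the RewriteRule pattern is tested
    against the decoded path only; RewriteCond %{QUERY_STRING} is tested
    against the raw query string when use_query_cond is True."""
    parts = urlsplit(url)
    path = unquote(parts.path)
    for pat in FIXED:
        if re.search(pat, path):
            return "404 (RewriteRule, path)"
        if use_query_cond and re.search(pat, parts.query):
            return "404 (RewriteCond, query)"
    return "pass"

# Constructed sample requests, not taken from real scanner logs.
SAMPLES = [
    "/wp-content/../../../../etc/passwd",
    "/index.php?file=../../../../etc/passwd",
    "/index.php?file=...\\...\\...\\...\\test.ini",
    "/blog/2014/01/hello-world/",
]

if __name__ == "__main__":
    for p in BROKEN:
        print(f"{p!r}: compiles={compiles(p)}")
    for url in SAMPLES:
        # Columns: URL | RewriteRule only | RewriteRule plus RewriteCond
        print(url, "|", verdict(url, False), "|", verdict(url, True))
```

The middle column shows what the path-only RewriteRule lets through; the last column shows the same request once the QUERY_STRING condition is added.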