Re: Block access to "OPTIONS *"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sorry to put in here, but is there away for me to test to see if my server is affected by this OPTIONS issue?  I have cPanel / WHM and ConfigServer Firewall installed and just about every day, I see CSF blocking users from trying to hack in using some known hacking kit.   Something with the word w00t in it and blackhat.   I'd just like to make sure I got all exploitable services closed.   Thanks!

On Thu, Feb 11, 2016 at 6:50 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
Hello,

On Thu, Feb 11, 2016 at 10:56 PM, Toomas Aas <toomas.aas@xxxxxxxxxxx> wrote:
>
> Approach 1:
> -------------------------------------
> RewriteCond %{REQUEST_METHOD} OPTIONS
> RewriteRule .* - [R=405,L]
> -------------------------------------

You also need to set:
  RewriteOptions AllowAnyURI
for this to work.

But since this option could open some dangerous doors (see [1]), I
also suggest to use something like:
  RewriteRule ^[^/] - [R=403,L]
just after "Approach 1" above, so to deny any URI not starting with '/'.

Regards,
Yann.

[1] http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteoptions

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux