Re: [users@httpd] RedirectMatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Joshua Slive wrote:

On 12/19/05, Ed Sawicki <ed@xxxxxxxxxxxx> wrote:


I'm administering an Apache server that runs PHP-based
Webapps that I have not written and cannot change. These
Webapps are being successfully attacked. Here's an
example from the log:

66.57.121.127 - - [19/Dec/2005:19:50:46 -0800] "GET
/phplive/image_tracker.php?l=Bob&x=1&deptid=0&page=
http%3A//www.pcbpro.com/pcb-quote.php%3FWT.mc_id%3D
psepi00003%26referrer%3Dhttp%253a%252f%252fz-quest.com
%252fgo.php%253fidUser%253d36%2526z%253dasaphczzhihd
%2526idXmlFeed%253d37%2526idKeyword%253d145%2526
idSearchStatus%253d2%2526st%253d%2526url%253duggc
%253a%252f%252fgkpyvpx.rcvybg.pbz%252fpyvpx.nfck
%2540aoavhy%2540x%253dryrpgebavpf%2540aoaphy%2540o
%253d700%2540aoaphy%2540c%253drcvybg%2540aoaphy
%2540f%253dmdhrfgz%2540aoaphy%2540cbf%253d1%2540aoaphy
%2540g%253d24%2540aoaphy%2540xvq%253dQP8N5Q43-Q517-40O0-
87Q9-P281S6QN0458%2540aoaphy%2540rc%253d255%2540aoaphy
%2540fvq%253d815O3P57-3PS6-41S0-80S9-N79084865R39%2540
aoaphy%2540y%253duggc%253a%2540aoamhy%25402S%2540aoamhy
%25402Sjjj.cpoceb.pbz%2540aoamhy%25402Scpo-dhbgr.cuc
%2540aoamhy%25403SJG.zp_vq%253dcfrcv00003%2526ts
%253danaihxzszxhdzahczmzh%2526rb%253daaaphfhpzf
%2526is%253d66%25252E57%25252E121%25252E127%2526
idDomain%253d0&unique=1135050643687 HTTP/1.1" 200 43

In this example, I'd like to detect the string "go.php"
and redirect the request elsewhere. I've tried to
use RedirectMatch but nothing I've tried works.
Here's just one example of the many, many statements
I've tried:

RedirectMatch   301 (.*)go\.php        http://127.0.0.1

This is Apache 2.0.46 with mod_alias loaded.



Ouch.  Very old apache version with very vulnerable php apps.  You
seem to be in a very bad situation.

Anyway, the mod_alias directives cannot act on the query string (the
part after the ?).


Ahhh, I must have missed this in the documentation. Thanks.

Ed




  If you need that, you can do something like


RewriteEngine On
RewriteCond %{QUERY_STRING} go\.php
RewriteRule .* - [F]

You can also look at mod_security (external module).

Joshua.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux