I'm very new to running a web server.Is there a way to have httpd drop requests to URIs that don't actually exist in my environment?
For example, if I have a very simple web site with just the document "index.html" I don't want people trying to access "../../../../../users/john/secretstuff". I would prefer such attempts be dropped, logged, and an alert thrown to my mailbox or a script that calls my cell phone.
If such functionality exists, is there a way for httpd to automatically figure out which URIs are valid and which are not without me changing a database, config file, etc. every time I update my site?
It seems like this is an obvious way to prevent a host of attacks on my web server like buffer-overflow attempts, attempts to exploit a mis-configuration of the server, cross-site scripting attacks, etc. I just can't figure out where to look to turn this on and configure it.
Thanks. -- Freedom, Truth, Love, Beauty. John Rodenbiker jrodenbiker@xxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|