Re: [users@httpd] Blocking invalid URIs?

Check out Snort (http://snort.org), it has the ability to detect many web-based attacks ...
 
Kishore Jalleda
 
On 3/10/06, John Rodenbiker <jrodenbiker@xxxxxxxxxxxxxx> wrote:
I'm very new to running a web server.

Is there a way to have httpd drop requests to URIs that don't actually
exist in my environment?

For example, if I have a very simple web site with just the document
"index.html" I don't want people trying to access
"../../../../../users/john/secretstuff". I would prefer such attempts
be dropped, logged, and an alert thrown to my mailbox or a script that
calls my cell phone.

If such functionality exists, is there a way for httpd to automatically
figure out which URIs are valid and which are not without me changing a
database, config file, etc. every time I update my site?

It seems like this is an obvious way to prevent a host of attacks on my
web server like buffer-overflow attempts, attempts to exploit a
mis-configuration of the server, cross-site scripting attacks, etc. I
just can't figure out where to look to turn this on and configure it.

Thanks.
--
Freedom, Truth, Love, Beauty.
John Rodenbiker
jrodenbiker@xxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL: http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
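
An added example (not from the thread or from the Apache project): one way to cover the "logged, and an alert thrown" part of the question by scanning httpd access-log lines in Common Log Format for traversal attempts such as the one described. The log lines, client addresses, status codes and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(target):
    """True if any path segment equals '..' once decoded and normalised."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_requests(lines):
    """Return (client, time, target, status) for each traversal attempt."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        client, when, request, status = m.groups()
        parts = request.split(" ")  # method, target, protocol
        if len(parts) >= 2 and is_traversal(parts[1]):
            hits.append((client, when, parts[1], int(status)))
    return hits

def clients_to_alert(hits, threshold=2):
    """Clients with at least `threshold` attempts, for a mail or pager hook."""
    counts = Counter(client for client, *_ in hits)
    return {c: n for c, n in counts.items() if n >= threshold}

# Constructed sample log lines (documentation address ranges, made-up statuses).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2006:10:00:01 -0600] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [10/Mar/2006:10:00:05 -0600] "GET /../../../../../users/john/secretstuff HTTP/1.1" 400 226',
    '198.51.100.7 - - [10/Mar/2006:10:00:06 -0600] "GET /%2e%2e/%2e%2e/users/john/secretstuff HTTP/1.1" 404 209',
    '198.51.100.7 - - [10/Mar/2006:10:00:07 -0600] "GET /%252e%252e/users/john/secretstuff HTTP/1.1" 404 209',
    '192.0.2.10 - - [10/Mar/2006:10:00:09 -0600] "GET /notes..txt HTTP/1.1" 404 209',
    '192.0.2.44 - - [10/Mar/2006:10:00:10 -0600] "-" 408 -',
]
```

The result of `clients_to_alert(suspicious_requests(lines))` can be fed to whatever mail or paging script is already in use; a plain 404 for a mistyped name such as `/notes..txt` is not flagged.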


