Re: mod_rewrite or mod_access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: mod_rewrite or mod_access
From: "Jack Stone" <antennex@xxxxxxxxxxx>
Date: Wed, 29 Aug 2007 07:43:16 -0500
In-reply-to: <813716b60708250838v4d287e79ubde23079e5f94caf@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx
Reply-to: orvilleg@xxxxxxxxxxx

From: "Vincent Bray" <noodlet@xxxxxxxxx>
Reply-To: users@xxxxxxxxxxxxxxxx
To: users@xxxxxxxxxxxxxxxx, orvilleg@xxxxxxxxxxx
Subject: Re:  mod_rewrite or mod_access
Date: Sat, 25 Aug 2007 22:38:58 +0700

On 25/08/07, Jack Stone <antennex@xxxxxxxxxxx> wrote:
> We still use MSFrontPage on certain sites and was wondering how best to

> block visitors who use FP in attempts to abuse the sites, BUT, not blockour

> own valid users?
>

> Figured best to use mod_rewrite or mod_access for this purpose, butunsure

> of the syntax to use on those vhost containers where we may have the
> conflicts.
>

Either should work. First with mod_access (as it is in 2.0)

<Location /_vti_bin/_vti_aut/author.exe>
 Deny from all
</Location>

.. or fancier ..

<LocationMatch ^/_vti_bin/_vti_(evil|regex)>
 Deny from all
</LocationMatch>

Or with mod_rewrite:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^trusted.host.pattern$
RewriteRule ^/_vti - [F]

This basically says, if the address looks like some frontpage nonsense
and the client isn't coming from a known address, don't change the URL
(the - part), and forbid [F] the request.

You can probably get fancier still with mod_security, where fancy
includes stuff like time based abuse escallation, and just about any
conceivable formula based on the request (including any entity bodies,
which mod_rewrite can't see).

Good luck.

--
noodl

Noodl, I tried the mod_rewrite suggestion which was working until Idiscovered it was killing the FP counter. So, switched to this as a separaterewrite block by itself since I send the mass downloaders to a special pageexplainy why blocked:


RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.xx$
RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MSFrontPage [NC]
RewriteRule ^.* - [F,L]

I think this is doing the trick now.

Many thanks!

Jack

_________________________________________________________________

Learn.Laugh.Share. Reallivemoms is right place!http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

References:
- Re: mod_rewrite or mod_access
  - From: Vincent Bray

Prev by Date: RE: Unclean restarts
Next by Date: Virtual Servers vs Virtual Private Servers
Previous by thread: Re: mod_rewrite or mod_access
Next by thread: Thanks you two
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]