RE: Apache blocking certain requests instead of php

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> I'm getting a lot of bogus requsts in the form of 
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?";, sometimes more 
> than a hundred a day per domain. The php script catches it, logs the 
> request, sends an email report and replies with "access denied", but 
> it takes processing which I'd rather not have php busy with. (The php 
> script rejects anything where id=something_not_numeric.) Is there a 
> way for apache to catch these requests before passing it to php? Is it 
> more efficient for apache to handle this than php?
> 
> Arno
> 

Yes, in Apache turn off userdir access
In your httpd.conf file do this.
UserDir disabled
That way it will not process url that starts with a tildy ~...
That should take care of it.  Apache should then only report a 404 error to
the error log for the given virtual host.

--
Thanks for the reply. Is that correct htough? I always thought in the
example 
http://mysite.com/index.php?id=http://64.15.67.17/~babysona/logo.jpg?
the url started with index.php...

Most the requests though look more like
http://mysite.com/index.php?id=http://calebsbirth.pisem.su/caleb.htm?
without the tilde.

I was hoping there's a way to tell apache to block requests where
id=non_numeric.

Cheers
Arno


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux