[geeklog-devel] Blocking those inclusion attempts
Dirk Haun
dirk at haun-online.de
Sat Dec 15 05:22:32 EST 2007
Does anyone see a problem with a .htaccess rule like this?
RewriteEngine On
RewriteCond %{THE_REQUEST} http:
RewriteRule .* - [L,F]
This would block all requests that contain "http:" in the URL. It's
aimed at the script kiddies' standard inclusion attempts, e.g.
65.92.189.139 - - [15/Dec/2007:05:15:21 -0500] "GET /forum/viewtopic.php?
showtopic=http://laudanskisucksss.chat.ru/placeholder/image? HTTP/1.1"
403 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322)"
Blocking the libwww-perl user agent used to help against most of these,
but the majority are now coming with faked UA strings of popular
browsers, so I had to come up with something else.
It doesn't block the search for URLs, since the colon is escaped there:
.../search.php?query=http%3A%2F%2Fproject.geeklog.net&type=...
So that's fine. Are there any other legit requests that anyone can think
of that contain "http:"?
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
More information about the geeklog-devel
mailing list