httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ed Sawicki>
Subject Re: [users@httpd] RedirectMatch
Date Tue, 20 Dec 2005 17:00:25 GMT
Joshua Slive wrote:
> On 12/19/05, Ed Sawicki <> wrote:
>>I'm administering an Apache server that runs PHP-based
>>Webapps that I have not written and cannot change. These
>>Webapps are being successfully attacked. Here's an
>>example from the log:
>> - - [19/Dec/2005:19:50:46 -0800] "GET
>>idDomain%253d0&unique=1135050643687 HTTP/1.1" 200 43
>>In this example, I'd like to detect the string "go.php"
>>and redirect the request elsewhere. I've tried to
>>use RedirectMatch but nothing I've tried works.
>>Here's just one example of the many, many statements
>>I've tried:
>>RedirectMatch   301 (.*)go\.php
>>This is Apache 2.0.46 with mod_alias loaded.
> Ouch.  Very old apache version with very vulnerable php apps.  You
> seem to be in a very bad situation.
> Anyway, the mod_alias directives cannot act on the query string (the
> part after the ?).

Ahhh, I must have missed this in the documentation. Thanks.


   If you need that, you can do something like
> RewriteEngine On
> RewriteCond %{QUERY_STRING} go\.php
> RewriteRule .* - [F]
> You can also look at mod_security (external module).
> Joshua.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message