httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Rodenbiker <jrodenbi...@rodenbiker.net>
Subject [users@httpd] Blocking invalid URIs?
Date Fri, 10 Mar 2006 21:58:41 GMT
I'm very new to running a web server.

Is there a way to have httpd drop requests to URIs that don't actually 
exist in my environment?

For example, if I have a very simple web site with just the document 
"index.html" I don't want people trying to access 
"../../../../../users/john/secretstuff". I would prefer such attempts 
be dropped, logged, and an alert thrown to my mailbox or a script that 
calls my cell phone.

If such functionality exists, is there a way for httpd to automatically 
figure out which URIs are valid and which are not without me changing a 
database, config file, etc. every time I update my site?

It seems like this is an obvious way to prevent a host of attacks on my 
web server like buffer-overflow attempts, attempts to exploit a 
mis-configuration of the server, cross-site scripting attacks, etc. I 
just can't figure out where to look to turn this on and configure it.

Thanks.
-- 
Freedom, Truth, Love, Beauty.
John Rodenbiker
jrodenbiker@rodenbiker.net



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message