httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Merton Campbell Crockett <m.c.crock...@roadrunner.com>
Subject [users@httpd] Rejecting Invalid URL With a 503 Status
Date Fri, 13 Jun 2008 16:41:25 GMT
It's been a few years since I've done any extensive work with Apache  
and could use some help with a server that I've inherited.

The Apache server is configured with a <VirtualHost> that is used to  
support a single, web-based collaboration tool.  The URL used to  
access the collaboration tool are in the following format.

	https://host.domain.com/anonymous/...
	https://host.domain.com/registered/...
	https://host.domain.com/resources/...

The strings--anonymous, registered, and resources--have an associated  
Alias that defines which <Location> container to be used to access a  
collaboration workspace.  The anonymous string is only used for  
registering a new user as a member of a collaboration workspace.

Looking at the Apache access log, it's clear that Apache is processing  
a lot of requests from systems probing for vulnerabilities.  Rather  
than have Apache process the request, I would like to immediately  
reject all requests with a 503, Service Unavailable, status.

Can this be done with a series of RewriteCond statements specifying  
each of the permitted strings followed by a RewriteRule that rejects  
the request and terminates processing?  Is there a better way of  
accomplishing this?

Merton Campbell Crockett
m.c.crockett@roadrunner.com




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message