httpd-users mailing list archives

From "Eric K. Dickinson" <eric.dickin...@nih.gov>
Subject Re: [users@httpd] RewriteEngine
Date Mon, 10 Feb 2014 14:04:09 GMT
Thank you very much.
I gave it a go... Still no joy; the attempts at directory recursion
still end up in the access log...

More reading.

eric

On 02/07/2014 10:31 AM, Michael Streeter wrote:
> On 1/28/2014 10:09 AM, Eric K. Dickinson wrote:
>> Good Morning.
>>
>> We have a bunch of WordPress sites.
>> We also have a requirement to be scanned by Nessus and AppScan.
>> This drives the caching on WordPress nuts.
>>
>> I have been able to significantly reduce this with a ReWriteRule.
>>
>> RewriteEngine on
>> RewriteRule .*\.(dll|ini|exe|com)$ - [R=404,NC]
>> RewriteRule .*(etc\/passwd)$ - [R=404,NC]
>>
>>
>> It has helped a lot.
>>
>> However...
>> RewriteRule *(\/..\/..\/..\/..\/)* - [R=404,NC]
>> RewriteRule *(\\...\\...\\...\\)* - [R=404,NC]
>>
>>
>> Has Not.
> It looks like there are a couple of problems.  In a regex, * means match
> zero or more of the previous character.  So beginning with a * is a
> regex error.  Also, since your pattern is in a capture group followed by
> a *, it says to match zero or more of the entire pattern.  Since a "."
> matches any character, we'll quote the "." characters in the regex to
> exactly match the "." characters.  Try something like this:
>
> RewriteRule .*\.\.\/\.\.\/\.\.\/\.\..* - [R=404]
> RewriteRule .*\.\.\.\\\.\.\.\\\.\.\.\\\.\.\..* - [R=404]
>
> The second problem is that sometimes what you're trying to match is in
> the query string, which the pattern matching in a RewriteRule doesn't
> look at.  Instead, add a RewriteCond that looks at the query string:
>
> RewriteCond %{QUERY_STRING} .*\.\.\/\.\.\/\.\.\/\.\..*
> RewriteRule .* - [R=404]
>
> RewriteCond %{QUERY_STRING} .*\.\.\.\\\.\.\.\\\.\.\.\\\.\.\..*
> RewriteRule .* - [R=404]
>
> Hope that helps,
> Michael S
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
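The two points Michael makes (a leading `*` is a regex error, and a RewriteRule pattern never sees the query string) can be checked offline. The following script is an added example, not code from either poster or from the httpd project: it runs the thread's patterns through Python's `re` module (assumed to accept and reject the same constructs as the PCRE engine mod_rewrite uses for these particular patterns) and emulates the rule decision for a few constructed request targets. Apache's own path normalization and per-directory prefix stripping are deliberately not modelled.

```python
import re
from urllib.parse import urlsplit

# Patterns as posted in the thread, transcribed into Python raw strings.
ORIGINAL_PATH_PATTERNS = [
    r"*(\/..\/..\/..\/..\/)*",      # Eric's first attempt
    r"*(\\...\\...\\...\\)*",       # Eric's second attempt
]
FIXED_TRAVERSAL_PATTERNS = [
    r".*\.\.\/\.\.\/\.\.\/\.\..*",             # Michael's: ../../../..
    r".*\.\.\.\\\.\.\.\\\.\.\.\\\.\.\..*",     # Michael's: ...\...\...\...
]
FIXED_FILE_PATTERN = r".*\.(dll|ini|exe|com)$"  # Eric's working rule (used with NC)


def compiles(pattern):
    """True if the regex engine accepts the pattern.

    A pattern that starts with '*' is rejected: the quantifier has nothing
    to repeat, which is the first problem Michael points out.
    """
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def rewrite_decision(request_target, check_query_string):
    """Emulate the status the thread's rules would produce for one request.

    The RewriteRule pattern is matched against the URL path only; the query
    string is invisible to it unless a RewriteCond on %{QUERY_STRING} is
    added, which check_query_string=True emulates. Returns 404 when a rule
    fires, otherwise 200.
    """
    parts = urlsplit(request_target)
    path, query = parts.path, parts.query

    # RewriteRule .*\.(dll|ini|exe|com)$ - [R=404,NC]
    if re.search(FIXED_FILE_PATTERN, path, re.IGNORECASE):
        return 404

    for pattern in FIXED_TRAVERSAL_PATTERNS:
        # RewriteRule <pattern> - [R=404]  (path only)
        if re.search(pattern, path):
            return 404
        # RewriteCond %{QUERY_STRING} <pattern>  +  RewriteRule .* - [R=404]
        if check_query_string and re.search(pattern, query):
            return 404
    return 200


if __name__ == "__main__":
    # Constructed sample request targets, modelled on what a scanner sends.
    samples = [
        "/wp-content/../../../../etc/passwd",
        "/index.php?file=../../../../etc/passwd",
        "/wp-admin/setup.exe",
        "/index.php?p=1",
    ]
    for pattern in ORIGINAL_PATH_PATTERNS:
        print(f"{pattern!r:40} compiles: {compiles(pattern)}")
    for target in samples:
        print(f"{target:45} path-only: {rewrite_decision(target, False)}"
              f"  with RewriteCond: {rewrite_decision(target, True)}")
```

Note that a request answered with `R=404` is still written to the access log, so the number of log lines is not the signal to watch; the status column is. Looking for the traversal strings with a 200 status, rather than for their presence at all, tells you whether the rules are doing their job.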
