httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: [users@httpd] deny announce.php torrent requests
Date Thu, 12 Mar 2015 08:59:54 GMT
Hi,

On Thu, Mar 12, 2015 at 4:13 AM, el kalin <kalin@el.net> wrote:
>
> so far i have tried this:
>
> with mod_security (within modsecurity.conf):
>
> SecRule REQUEST_URI "\?info_hash\=" "phase:2,id:'10000002',t:none,rev:1,severity:2,log,deny,msg:'Torrent
Announce Hit Detected'"
>
> here i can see in the audit log that "Connection: closed" but i can still
> see all the request in the virtual domain's log (vs the mod sec_audit log).
> and still see the http ESTABLISHED connections  (via netstat) just
> lingering.

I think you need either an action that drops the connection (deny =>
drop, without any response!), or a status code that implies
"Connection: close" (deny,status=503 for example, whereas the default
403 keeps the connection alive).

>
> with mod_rewrite (in global context):
>
> <IfModule mod_rewrite.c>
>     RewriteEngine on
>     RewriteRule ^/announce$ - [F]
>     RewriteRule ^/announce\.php$ - [F]
> </IfModule>
>
> also
>
> <Directory /path/to/affected/virtual/domain/document/root>
>     RewriteEngine On
>     RewriteRule ^/announce$ - [F]
>     RewriteRule ^/announce\.php$ - [F]
> </Directory>

Same here with [R=503] (and prossibly the L flag too).

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message