?
Solved

apache redirection

Posted on 2003-02-19
3
Medium Priority
?
294 Views
Last Modified: 2010-03-04
i'm checking through my error log files in apache, and i'm seeing alot of potential hackers trying to get in my server via some weird URL's.

eg:
/usr/local/web/public_html/MSADC/root.exe
/usr/local/web/public_html/c/winnt/system32/cmd.exe
/usr/local/web/public_html/scripts/..%5c../winnt/system32/cmd.exe

i know probably they won't get anything out of it since i'm running a non MS OS.. but i'd just like to redirect these attempts to a generic page. i'd probably include something insulting on this page as well. :)

so i was wondering how i can do it. i've tried adding 'Alias' into my httpd.conf.. but it'll only work if the URL is something like: http://mydomain.com/scripts/ and it doesn't when the URL is: http://mydomain.com/scripts/anything.html

so how can i redirect any imbeciles that tries to access a non-existent directory such as /scripts/*.* ??
0
Comment
Question by:Zoidalingomania
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
samri earned 140 total points
ID: 7981014
Hi Zoidalingomani,

There are a few ways that you could deal.

First of all, most of the URL would not be available, you could customize your 404 Error code to point to some cgi, or some other website.

Other approach would be using LocationMatch, or FilesMatch

http://httpd.apache.org/docs/mod/core.html#locationmatch
http://httpd.apache.org/docs/mod/core.html#filesmatch

I would believe FilesMatch would be better

<FilesMatch "\.(exe)$">
#  ..your stuff here
# you could totally deny access by "Deny all", or redirect to other places (CGI script for example).
</FilesMatch>

Using mod_rewrite would be another approached (complicated).  But should work.

hope these helps.

cheers.
0
 

Author Comment

by:Zoidalingomania
ID: 7984900
hi samri,

thanks for that. tried it.. but didn't work as expected. however, based on your tip, i've looked up RedirectMatch and was able to redirect any attempt to specified files to anywhere i want.. which is excellent.


thanks for your effort.. and will reward you accordingly for helping out!

Cheers!
0
 
LVL 15

Expert Comment

by:samri
ID: 7991500
Hi Zoidalingomani,

Great!  You managed to figure it out.

Welcome to EE.  Please visit the HelpDesk to get the most out of EE - http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month9 days, 18 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question