[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

apache redirection

i'm checking through my error log files in apache, and i'm seeing alot of potential hackers trying to get in my server via some weird URL's.

eg:
/usr/local/web/public_html/MSADC/root.exe
/usr/local/web/public_html/c/winnt/system32/cmd.exe
/usr/local/web/public_html/scripts/..%5c../winnt/system32/cmd.exe

i know probably they won't get anything out of it since i'm running a non MS OS.. but i'd just like to redirect these attempts to a generic page. i'd probably include something insulting on this page as well. :)

so i was wondering how i can do it. i've tried adding 'Alias' into my httpd.conf.. but it'll only work if the URL is something like: http://mydomain.com/scripts/ and it doesn't when the URL is: http://mydomain.com/scripts/anything.html

so how can i redirect any imbeciles that tries to access a non-existent directory such as /scripts/*.* ??
0
Zoidalingomania
Asked:
Zoidalingomania
  • 2
1 Solution
 
samriCommented:
Hi Zoidalingomani,

There are a few ways that you could deal.

First of all, most of the URL would not be available, you could customize your 404 Error code to point to some cgi, or some other website.

Other approach would be using LocationMatch, or FilesMatch

http://httpd.apache.org/docs/mod/core.html#locationmatch
http://httpd.apache.org/docs/mod/core.html#filesmatch

I would believe FilesMatch would be better

<FilesMatch "\.(exe)$">
#  ..your stuff here
# you could totally deny access by "Deny all", or redirect to other places (CGI script for example).
</FilesMatch>

Using mod_rewrite would be another approached (complicated).  But should work.

hope these helps.

cheers.
0
 
ZoidalingomaniaAuthor Commented:
hi samri,

thanks for that. tried it.. but didn't work as expected. however, based on your tip, i've looked up RedirectMatch and was able to redirect any attempt to specified files to anywhere i want.. which is excellent.


thanks for your effort.. and will reward you accordingly for helping out!

Cheers!
0
 
samriCommented:
Hi Zoidalingomani,

Great!  You managed to figure it out.

Welcome to EE.  Please visit the HelpDesk to get the most out of EE - http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now