demienx
asked on
Rewrite rules continue processing
Hello,
I have the following rewrite rules for a given virtualhost. I do want that when a image is requested with a referer from a not
allowed site, the apache engine stops processing any further reqrite rules [L], however it appears that apache keeps processing
the rules from the 3rd to lst when the referer is from a not allowed domain.
Can someone show me the lingth on why this is happening?
Thanks in advance.
--- httpd.conf sample --------------------------
RewriteEngine On
# block user agents
RewriteCond %{HTTP_USER_AGENT} ^.*MSFrontpage.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Frontpage.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Backweb.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Bandit.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Ants.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Buddy.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*zip.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Crawler.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Wget.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Grabber.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Sucker.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Downloader.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Siphon.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Collector.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snagger.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Widow.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snake.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Vacuum.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Pump.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Teleport.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Reaper.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Mag-Net.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Memo.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*pcBrowser.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*leech.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Stripper.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Offline.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Copier.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Mirror.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*mister.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HMView.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HTTrack.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*JOC.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*likse.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Recorder.*$
RewriteRule ^/.+ - [F]
# block viruses and script kiddies
RewriteCond %{THE_REQUEST} default.ida
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} cmd.exe
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} root.exe
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} /scripts/
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} /cgi-bin/src/redirect.php
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} /cgi-bin/biztalkhttpreceiv
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} /cgi-bin/mailbox.php3
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} _vti_
RewriteRule ^.*$ - [G,L]
RewriteCond %{THE_REQUEST} shell.exe
RewriteRule ^.*$ - [G,L]
<VirtualHost 123.123.123.123>
ServerName www.site.com
ServerAlias site.com
ScriptAlias /cgi-bin/ /www/site.com/cgi-bin/
DocumentRoot /www/site.com/
RewriteEngine On
RewriteOptions inherit
RewriteLog /usr/local/apache/logs/sit
RewriteLogLevel 9
RewriteCond %{HTTP_REFERER} !^http://(www\.)?site\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?goodsite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png|JPEG?
</VirtualHost>
--------------------------
--- Rewrite log for a request from not allowed domain --------------------------
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (2) init rewrite engine with requested uri /image.gif
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '\.(jpe?g|gif|bmp|png|JPEG
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='http://badsite.com/hotlink.html' pattern='!^http://(www\.)?site\.com/' => matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='http://badsite.com/hotlink.html' pattern='!^$' => matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (2) rewrite /image.gif -> [L]
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^/.+' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='default.ida' => not-matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='cmd.exe' => not-matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='root.exe' => not-matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/scripts/' => not-matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/cgi-bin/src/redi
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/cgi-bin/biztalkh
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/cgi-bin/mailbox.
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='_vti_' => not-matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (3) applying pattern '^.*$' to uri '[L]'
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='shell.exe' => not-matched
111.222.111.222 - - [02/Apr/2005:13:46:55 -0500] [www.site.com/sid#81f247c][rid#8271034/initial] (2) local path result: [L]
--------------------------
--- Rewrite log for a request from allowed domain --------------------------
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (2) init rewrite engine with requested uri /image.gif
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '\.(jpe?g|gif|bmp|png|JPEG
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='http://goodsite.com/hotlink.html' pattern='!^http://(www\.)?site\.com/' => matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='http://goodsite.com/hotlink.html' pattern='!^http://(www\.)?goodsite\.com/' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^/.+' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*MSFrontpage.*$
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Frontpage.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Backweb.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Bandit.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Ants.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Buddy.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*zip.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Crawler.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Wget.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Grabber.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Sucker.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Downloader.*$'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Siphon.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Collector.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Snagger.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Widow.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Snake.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Vacuum.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Pump.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Teleport.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Reaper.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Mag-Net.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Memo.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*pcBrowser.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*leech.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Stripper.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Offline.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Copier.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Mirror.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*mister.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*HMView.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*HTTrack.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*JOC.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*likse.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)' pattern='^.*Recorder.*$' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='default.ida' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='cmd.exe' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='root.exe' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/scripts/' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/cgi-bin/src/redi
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/cgi-bin/biztalkh
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='/cgi-bin/mailbox.
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='_vti_' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (3) applying pattern '^.*$' to uri '/image.gif'
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (4) RewriteCond: input='GET /image.gif HTTP/1.1' pattern='shell.exe' => not-matched
111.222.111.222 - - [02/Apr/2005:13:51:36 -0500] [www.site.com/sid#81f247c][rid#8272034/initial] (1) pass through /image.gif
--------------------------
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks!,
I just replaced with:
RewriteRule \.(jpe?g|gif|bmp|png|JPEG?
and works the best way :)