DrZork101

"Invalid URI In Request Get" in apache log

Hi,

I am auditing my logs for security issues and am wondering what people make of these errors:

[client 93.186.30.241] Invalid URI in request GET /../stylesheets/style.css HTTP/1.0, referer: http://www.example.com/
[client 93.186.30.242] Invalid URI in request GET /../stylesheets/style.css HTTP/1.0, referer: http://www.example.com/
[client 93.186.30.242] Invalid URI in request GET /../javascripts/javascript.js HTTP/1.0, referer: http://www.example.com/
[client 93.186.30.242] Invalid URI in request GET /../javascripts/javascript2.js HTTP/1.0, referer: http://www.example.com/
[client 93.186.30.240] Invalid URI in request GET /../stylesheets/style.css HTTP/1.0, referer: http://www.example.com/
[client 93.186.30.240] Invalid URI in request GET /../javascripts/javascript3.js HTTP/1.0, referer: http://www.example.com/
[client 93.186.30.243] Invalid URI in request GET /../stylesheets/s.css HTTP/1.0, referer: http://www.example.com/

I have replaced the file names etc. to not expose stuff.

Obviously the IPs are consecutive, so dodgy to say the least. Also, the actual location of the files is not ../ but ./ from the root, so not sure what's going on there.

Thanks,

Julian
Barthax

My initial reaction would be that you have a page which incorrectly assumes it is one directory level beneath the site. In other words, you have a page http://www.example.com/somepath/apage.html which assumes its relative path to the stylesheets and javascripts directories is ../<x> .

The next thing would be someone trying to find an exploit to access files external to your DocumentRoot.

To determine which is more likely, do you genuinely have stylesheets and javascripts directories in the site and they contain the files indicated (or have done)?  If yes, then it is far more likely an incorrect relative path in your HTML than it is an attack.
Those IP addresses seem to be linked to the BlackBerry HQ in the UK.  Perhaps someone there found something interesting on your site & got their colleagues to have a look - another plausible reason for the close set of IP addresses.
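
The check suggested above (do the requested files really exist on the site?) can be run over the whole error log. This is an added example, not part of the original thread; the function names, the `SITE_FILES` inventory and the third sample line are constructed for illustration.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Shape of the error_log lines quoted in the question.
LINE_RE = re.compile(
    r"\[client (?P<ip>[^\]]+)\] Invalid URI in request "
    r"\S+ (?P<uri>\S+) HTTP/[\d.]+(?:, referer: (?P<referer>\S+))?"
)

def triage(line, site_files, site_host):
    """Return (client_ip, normalized_path, verdict), or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    path = unquote(urlsplit(m["uri"]).path)
    # Collapse "." and ".." segments, clamping at the root like a conforming client.
    normalized = posixpath.normpath("/" + path.lstrip("/"))
    referer_host = urlsplit(m["referer"] or "").hostname
    if normalized in site_files and referer_host == site_host:
        verdict = "broken-relative-link"       # real site file, linked from our own page
    elif normalized in site_files:
        verdict = "site-file-foreign-referer"  # real file, but no referer from our site
    else:
        verdict = "investigate"                # not explained by the site's own links
    return m["ip"], normalized, verdict

def summarize(lines, site_files, site_host):
    """Count verdicts over a batch of error_log lines."""
    results = (triage(line, site_files, site_host) for line in lines)
    return Counter(r[2] for r in results if r)

# Constructed inputs: the first two lines reuse the shape from the question,
# the third is a made-up request for a path the site does not serve.
SITE_FILES = {"/stylesheets/style.css", "/javascripts/javascript.js"}
SAMPLE = [
    "[client 93.186.30.241] Invalid URI in request GET /../stylesheets/style.css HTTP/1.0, referer: http://www.example.com/",
    "[client 93.186.30.242] Invalid URI in request GET /../javascripts/javascript.js HTTP/1.0, referer: http://www.example.com/",
    "[client 192.0.2.10] Invalid URI in request GET /../../conf/private.txt HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line, SITE_FILES, "www.example.com"))
    print(summarize(SAMPLE, SITE_FILES, "www.example.com"))
```

In practice `SITE_FILES` would be built by walking the DocumentRoot, and lines that come back as `investigate` are the ones worth reading by hand.
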
DrZork101

ASKER

Hi Barthax,

Thanks for your comments, I think I have found the issue:

my urls are like this:

   http://www.example.com/page1

and I have htaccess rewriting them using:

RewriteRule ^(.*)$ index.php?VAR=$1 [L,QSA]

and an htaccess file in the images etc. folder to not rewrite.

However, when someone goes to http://www.example.com/page1/ the page loads fine but the images etc. cannot be found. How should I modify my htaccess setting to fix this issue?

Thanks,

Julian

I would think this problem could be easily rectified by using absolute URLs, especially if the page that is being viewed has been "rewritten" using mod_rewrite.  Instead of using relative URLs, which assume that the folders always exist one level below the current page, use absolute.  So the path to "../stylesheets/style.css" changes to "/stylesheets/style.css".

Relative URLs are rarely the way to go, especially once anything "magical" (such as URL rewriting) gets into the mix.

I agree with crazedsanity: absolute URLs for all common resources are simplest.  The alternative is having a lot of code inside your pages to work out what the current URL request is, where your page sits in relation to the files intended and to work out the difference...