Improve company productivity with a Business Account.Sign Up

x
?
Solved

htaccess question

Posted on 2015-01-06
8
Medium Priority
?
86 Views
Last Modified: 2015-01-23
Hello,

I am running a php server and keep getting thousands of requests for a .asp file that is clearly not on the server. I want to throw them off the site, it is crashing the server.

I have this as a rule in my htaccess:

RewriteCond %{THE_REQUEST} ^[A-Z]+\s([^\s]+)\.asp\s
RewriteRule .*$ http://127.0.0.1 [R=301,L]
RewriteRule ^(.*)\.asp$ http://127.0.0.1

Open in new window


but this address is still loading, I am guessing that it is because there is a variable, how can I block these too?

https://domain.com/sm_login.asp?SID=ot8klbtvok43ga6gvchl74pd56

Open in new window


Matt
0
Comment
Question by:movieprodw
  • 4
  • 3
8 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40533943
+FollowSymLinks must be enabled for any rules to work, this is a security requirement of the rewrite engine. Normally it's enabled in the root and you shouldn't have to add it, but it doesn't hurt to do so.

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.+)\.asp$ http://redirectToThisLink.html [R,NC]

Open in new window

0
 
LVL 62

Expert Comment

by:gheist
ID: 40534063
Server crashes for other reasons.
Serving 404 errors is very lightweight action within core.

There should be some other deficiency that makes server crash.
Please filter ASP 404 from error logs and check better stuff that may crash your server.
0
 
LVL 1

Author Comment

by:movieprodw
ID: 40534074
Not if you are using magento and the 404 page is a magento loaded page.
0
A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

 
LVL 62

Expert Comment

by:gheist
ID: 40534086
Is your apache using a lot of RAM?
0
 
LVL 1

Author Comment

by:movieprodw
ID: 40534088
Ultralites,

That did not work. The URL is still loading and showing the magento 404 page.

RewriteCond %{THE_REQUEST} ^[A-Z]+\s([^\s]+)\.asp\s
RewriteRule .*$ http://127.0.0.1 [R=301,L]
RewriteRule ^(.*)\.asp$ http://127.0.0.1

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.+)\.asp$ http://127.0.0.1 [R,NC]

Open in new window

0
 
LVL 1

Author Comment

by:movieprodw
ID: 40534097
gheist, the ram is very low but I am getting these DDoS style attacks where they are loading thousands of .asp?sid=xxxxxx urls and it is clogging up the bandwidth and using all of the ram
0
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 40534100
It is not DDOS. it is attempt to take over old ASP session (not ASPx), you are compeltely immune to the attack, though your apache configuration could wish better.
At least remove heavy 404 page provided by Magento - it serves no purpose, just does damage and grief.

Could you try to manage moving on to worker MPM and php-cgi linked with mod_fcgid? That will greatly reduce memory consumption - namely you will have small apache like with no modules, and few PHP backends of large RAM
0
 
LVL 1

Author Closing Comment

by:movieprodw
ID: 40565951
Thanks
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Virtualization software lets you run different versions of Windows, Ubuntu Linux and other versions of Linux all at the same time, rather than running each one directly from your computer's hard drive.
Laravel is the most sought after web development framework. It comes with ample amount of features that make it easy for developers to work around it. Know about its features in detail.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

602 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question