Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 83
  • Last Modified:

htaccess question

Hello,

I am running a php server and keep getting thousands of requests for a .asp file that is clearly not on the server. I want to throw them off the site, it is crashing the server.

I have this as a rule in my htaccess:

RewriteCond %{THE_REQUEST} ^[A-Z]+\s([^\s]+)\.asp\s
RewriteRule .*$ http://127.0.0.1 [R=301,L]
RewriteRule ^(.*)\.asp$ http://127.0.0.1

Open in new window


but this address is still loading, I am guessing that it is because there is a variable, how can I block these too?

https://domain.com/sm_login.asp?SID=ot8klbtvok43ga6gvchl74pd56

Open in new window


Matt
0
movieprodw
Asked:
movieprodw
  • 4
  • 3
1 Solution
 
Ugo MenaCommented:
+FollowSymLinks must be enabled for any rules to work, this is a security requirement of the rewrite engine. Normally it's enabled in the root and you shouldn't have to add it, but it doesn't hurt to do so.

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.+)\.asp$ http://redirectToThisLink.html [R,NC]

Open in new window

0
 
gheistCommented:
Server crashes for other reasons.
Serving 404 errors is very lightweight action within core.

There should be some other deficiency that makes server crash.
Please filter ASP 404 from error logs and check better stuff that may crash your server.
0
 
movieprodwAuthor Commented:
Not if you are using magento and the 404 page is a magento loaded page.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
gheistCommented:
Is your apache using a lot of RAM?
0
 
movieprodwAuthor Commented:
Ultralites,

That did not work. The URL is still loading and showing the magento 404 page.

RewriteCond %{THE_REQUEST} ^[A-Z]+\s([^\s]+)\.asp\s
RewriteRule .*$ http://127.0.0.1 [R=301,L]
RewriteRule ^(.*)\.asp$ http://127.0.0.1

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.+)\.asp$ http://127.0.0.1 [R,NC]

Open in new window

0
 
movieprodwAuthor Commented:
gheist, the ram is very low but I am getting these DDoS style attacks where they are loading thousands of .asp?sid=xxxxxx urls and it is clogging up the bandwidth and using all of the ram
0
 
gheistCommented:
It is not DDOS. it is attempt to take over old ASP session (not ASPx), you are compeltely immune to the attack, though your apache configuration could wish better.
At least remove heavy 404 page provided by Magento - it serves no purpose, just does damage and grief.

Could you try to manage moving on to worker MPM and php-cgi linked with mod_fcgid? That will greatly reduce memory consumption - namely you will have small apache like with no modules, and few PHP backends of large RAM
0
 
movieprodwAuthor Commented:
Thanks
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now