Www Webmaster esearchm
searcho Recreation r Webmaster e Szh Asearchp Your 
e Your rh Szh s Www asearchc Www z Recreation esearchr Www h
Your s Www Fairview S Centers e Centers r Webmaster h Fairview is Fairview a Centers c Www W Resources e Webmaster rsearchh Recreation asearchtsearchr Www I will make sure to review this topic more thoroughly so that I get a better grasp on how .htaccess files work. Another thing I'll have to look into is what exactly my web host does and does not support.
Was looking over htaccess things back in February this year. 9 months and so many pages later (not to mention all the side branches) and we're almost looking at a different animal.
Quick question - where do error pages now fit into the htaccess scheme of things?
I'm putting in the finishing touches to a project - as in building on one of these CMS things. Thus far their htaccess file consists of the following lines:
|
From all of the foregoing I should know where to put in most of the code. What I would like to find out, should the above lines appear at the beginning or be used at the end?
|
On the other hand, Rewrite Conditions and their associated RewriteRules should be placed in descending order based on their priority, so that the worst offenders can be blocked, or redirected as fast as possible, without having to parse the entire file to match a User Agent, Referer, or IP address. I accomplish this by placing all of my fixed IP deny from rules before the RewriteCond rules. The next section contains the Rewrite conditions, with the most serious threats dealt with at the top of the list, and the broad IP ranges and search query restrictions at the bottom of that group.
Wiz
thanks for the follow up. Was thinking the same thing. Had it that way before but noticing that the "landscape" had changed some what and this wasn't mentioned or made obvious, ended up wondering what people were doing now.
Put the said file into action and it was doing its work right away. Will leave it serving up 403's for awhile to get a feel for what is happening out there before making changes and going the next step - as in putting in traps and the like. Thanks again.
In case you haven't been welcomed yet, welcome to WebmasterWorld!
I'm happy to hear that our collective advise is helping you fight off the Borg.
Your logs will help you to formulate the placement order of the rules. It is possible to have multiple RewriteRules, each ending in [L]. This means that if the condition matches that the rule is applied and processing halts there. That's why we try to move the worst offenders to the top of the list, or create special case rules for the likes of the FormMail spammers.
Another thing to watch is how many 403s you are serving. If the number becomes very high, and the custom 403 page is 2 or 3 kb, you might want to consider writing a smaller (100 -200 bytes) main 403 file that just says "Access Denied" and provide a link in it to another 403(b) page that offers explanations about your policies and restrictions. I have two 403 pages like that. Sometimes I end up 403-ing visitors who have inherited a dirty IP, and I offer an explanation to them as to why they were denied access.
Wiz
Here is what seems to be a new one for the books. Well, a variation on a theme at least. Got this on my log today:
|
Needless to say this a frontpage thing. Have never used it and don't intend to. The web host provides fp extensions and I have left them in - to assess their merits and the "unwanted attention" they may receive.
The question that begs here is - if I put in that fp mod rewrite, will this stop this particular type of intrusion?
As an aside, didn't find anything here on fp30reg.dll. However, a search throws up reems on security exploits relating to the use of this particular file.
The entry you quoted does not contain the needed 259+ byte data string to overflow the buffer. I guess the S.K. is first testing for the presence of FrontPage 2000, then, if it exists, he will test for a return value of the .dll file to see if it is the unpatched version (unlikely), and then send a 259 byte attack to try to bring down the stupidly unpatched server.
If you are worried about this attempted test for an exploit, and another one I just saw, just use this code:
RewriteCond %{} (MSOffice¦_vti¦sumthin) [NC,OR]
RewriteRule .* - [F]
Happy hunting
Wiz
Thanks for getting back on this one so quickly.
Strange - have that item in as:
|
Do you think removing ^/ would have any effect?
On another matter, what's the verdict on LinkWalker. In the early sections of this thread it was included but seems to have disappeared off the "hotlist". Got hit by that as well.
Jim