
Using Apache 2.2.x -- my usual approach to blocking script kiddies from looking for various scripts on the server is to use dynamically created 'deny from' lists with the offending IPs. Works, but is always at least a step behind.

So, thinking about using mod_rewrite to real-time send malicious users looking for a specific script somewhere else (specifically, forcing a 403 error). I've tried a couple of things, but they don't seem to be working. For example, suppose the script is evildoing.php. Some script kiddie somewhere runs bots looking for this script on my server -- e.g., a URL might be http://www.myserver.com/evildoing.php. So, in httpd.conf,

<IfModule mod_rewrite.c>
  RewriteEngine On
  ReWriteCond ${REQUEST_URI} evildoing.php [NC]
  RewriteRule ^(.*)$ - [F,L]
</IfModule>

But, this doesn't work - at least, not as written. [And yes, mod_rewrite is statically compiled into Apache on this machine.]

Pointers to the obvious thing I'm doing wrong? [First time using rewrite, so...]

Johnny Canuck

1 Answer

ReWriteCond ${REQUEST_URI} evildoing.php [NC]
RewriteRule ^(.*)$ - [F,L]

You access server variables using %{VAR} syntax, not ${VAR} (that's for other defined variables). However, you don't need a separate condition here. The following would be sufficient:

RewriteRule ^/evildoing\.php$ - [F]

Assuming the rule is directly in the server or virtualhost config (not a <Directory> container). If in a directory context then remove the slash prefix.

You do not need the L flag here as it is implied when using F.

And it doesn't look like this needs to be a case-insensitive match? (Assuming you are not on Windows.)

And you shouldn't wrap the directives in an <IfModule> container, unless they are optional.

However, you don't need to use mod_rewrite here. You could instead use a <Files> container and Deny (Apache 2.2). For example:

<Files "evildoing.php">
    Deny from all
</Files>

Although strictly speaking this blocks evildoing.php anywhere on your filesystem (if it could exist in multiple directories).

MrWhite
  • Thanks - a good start. But, what if I have a set of 'bad scripts' I want to block access to -- some .php, some .pl, say. Say, 'evildoing', 'badguy' and 'hackerscum'. Would using FilesMatch and something like Deny from all be the way to go? – Johnny Canuck Apr 07 '23 at 22:29
  • And, I've seen examples where the filename is quoted (as in your example), and examples where it isn't. Gotta be one or the other... – Johnny Canuck Apr 07 '23 at 22:30
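
An added example, not part of the original answer or comments: one way to cover the set of script names from the follow-up comment (evildoing, badguy, hackerscum, as .php or .pl) on Apache 2.2, once with mod_rewrite in server or virtualhost context and once with FilesMatch. Use one of the two alternatives; refusing the names in every directory is an assumption about what should be blocked.

```apache
# Added example for Apache 2.2 (httpd.conf, server or <VirtualHost> context).
# Script names are the ones from the comment above; use ONE alternative.

# --- Alternative A: mod_rewrite ---------------------------------------
# In server context the pattern is matched against the full URL-path,
# so it starts with a slash. (?:.*/)? also catches the names below any
# directory (assumption: they should be refused everywhere).
RewriteEngine On
RewriteRule ^/(?:.*/)?(?:evildoing|badguy|hackerscum)\.(?:php|pl)$ - [F]

# Equivalent two-line form, for comparison with the question's attempt:
# server variables are written %{NAME}, and the dot is escaped.
# RewriteCond %{REQUEST_URI} /(?:evildoing|badguy|hackerscum)\.(?:php|pl)$
# RewriteRule ^ - [F]

# --- Alternative B: core access control, no mod_rewrite ----------------
# <FilesMatch> tests the regex against the file name only (last path
# segment), so this applies in every directory. Quotes around the
# argument are optional unless it contains whitespace.
<FilesMatch "^(evildoing|badguy|hackerscum)\.(php|pl)$">
    # Order allow,deny evaluates Deny last, so a merged Allow cannot reopen access.
    Order allow,deny
    Deny from all
</FilesMatch>
```

After editing, `apachectl configtest` checks the syntax, and once the server is reloaded a request for any of the listed names should return 403.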