4

What is the best way to reject a request coming from malicious scripts? I have a Zend application with modules. I have a list of URL's that the scanners are dialing, such as mywebsite.com/phpmyadmin, /webmail, /cpanel, etc. Right now, they are getting 404's, clogging up my error log. I'd like to 403 them from within the application. (Unless there is a better way to handle that)?

What is the fastest way to 403 within Zend, so it doesn't churn through the dispatch cycle unnecessarily? I am doing below in a plugin but I am not sure this is the best way:

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if (malicious request) {
        $this->getResponse()
                    ->clearHeaders()
                    ->setHttpResponseCode(403)
                    ->appendBody("Forbidden")
                    ->sendResponse();
    }
}

Thanks for any suggestions!

Charles
  • 50,943
  • 13
  • 104
  • 142
RADA
  • 455
  • 5
  • 14

2 Answers2

1

Check out the Zend Controller Action Helper called Redirector: http://framework.zend.com/manual/en/zend.controller.actionhelpers.html It'll do the same thing as your plugin, but that doesn't necessarily make it any faster.

Bob Baddeley
  • 2,264
  • 1
  • 16
  • 22
  • 1
    Action helpers are available after preDispatch. I am trying to make this faster, not slower. – RADA Dec 13 '10 at 18:10
0

If you know what the bad request URI's look like, you could send them directly to some custom static error page using mod_rewrite rules. Enter the rules before your rule that sends the request to index.php and those requests would never hit your application.

RewriteEngine On
RewriteRule ^/mywebsite.com/phpmyadmin /errorpage.php [L]
RewriteRule !(phpdoc|docs)|\.(js|ico|gif|jpg|png|css|html)$ /index.php
dt1021
  • 39
  • 2
  • oooh, yeah, this is a good option. 403'ing an automated scanner won't do much. Having the web server handle obviously bad pages before they even get to your application is definitely faster. However, your list will never be complete, so you should also implement another solution within your application. This one will handle a big chunk of the bad requests, though. – Bob Baddeley Dec 13 '10 at 17:02
  • Why a static page? 403 is faster and I believe some scanners do give up if they get a 403. – RADA Dec 13 '10 at 18:08