
Apache Web Server Forum

    
.htaccess help - trying to block formmail hits in my web host's central cgi-bin
brandi01




msg:1511567
 10:20 pm on Jan 29, 2003 (gmt 0)

I hope this is the correct place to post this. I've seen & read other .htaccess threads here, so...

My host has a central cgi-bin where they keep scripts for all virtual domains' use via script aliases.

Recently some of my sites have been getting tons of hits for /cgi-bin/formmail.pl. I have tried in vain to block these using the following (and numerous variations of) .htaccess:

Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} ^/cgi-bin/formmail\.(pl¦cgi) [NC]
RewriteRule ^.* - [F,L]

Any ideas of what I am doing wrong? A simple test with another (below) .htaccess file worked

rewriteEngine on
rewriteBase /
rewriteRule ^test_page.htm index.htm

so I am assuming that mod_rewrite is on, otherwise that wouldn't have worked (right?).

Thanks for any and all ideas.

 

jdMorgan




msg:1511568
 10:30 pm on Jan 29, 2003 (gmt 0)

Brandi01,

Try this simplified version in your top-level directory .htaccess :

Options +FollowSymLinks
RewriteEngine on
RewriteRule formmail\.(pl¦cgi)$ - [NC,F]

This will block any request for formmail to any directory or subdirectory of your account.

Don't forget to replace the "¦" pipe character if you cut-n-paste from above. It must be a solid vertical bar. The WebmasterWorld software changes the character set or something...

Jim

brandi01




msg:1511569
 10:46 pm on Jan 29, 2003 (gmt 0)

Thanks Jim.

It somewhat worked.

I can still access mydomain.com/cgi-bin/formmail.pl

I now get a 403 trying to access mydomain.com/formmail.pl

I don't know a lot about aliases, but I keep thinking that is the problem. The formmail script is not in my local cgi-bin, it is about 3 levels above my root, at the same level as the server's conf folder, if you follow me.

Thanks for reminding me about changing the ¦, I forgot about that once before doing a cut and paste and banged my head against the wall for awhile before catching it.

Any other ideas?

-brandi

jdMorgan




msg:1511570
 10:57 pm on Jan 29, 2003 (gmt 0)

I don't know a lot about aliases, but I keep thinking that is the problem. The formmail script is not in my local cgi-bin, it is about 3 levels above my root, at the same level as the server's conf folder, if you follow me.

Yes, I picked up on that. The problem is that you can't do anything about that from your level. The host administrator is going to have to take care of that, since it's out of your "realm" - By the time your .htaccess is executed, it's too late because the server has already redirected that cgi-bin request at a level above your .htaccess.

A better approach to suggest to them is to let you set up your own cgi-bin directory, and then place a Unix file link in it pointing to their script directory. You can then password-protect your directory to keep the bad guys out. They'd also have to remove their redirect or script-alias for cgi-bin that's currently above your account... Basically, let you call their script from a password-protected dir in your account.

Jim
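The behaviour discussed in the posts above, as an added example that is not part of the original thread: a simplified Python model of how Apache maps a URL to a file and which directories' .htaccess files it then consults. The paths, the alias target and the function names are assumptions made up for illustration; the pattern is the one from the earlier reply with a real vertical bar.

```python
import posixpath
import re

# Assumed layout (constructed for illustration; the thread gives no real paths).
DOCROOT = "/home/brandi/public_html"
SCRIPT_ALIASES = {"/cgi-bin/": "/usr/local/apache/cgi-bin/"}  # set by the host
# Rules found in .htaccess files, keyed by directory. Only the account's own
# top-level file exists; it holds the pattern from the reply above.
HTACCESS = {DOCROOT: re.compile(r"formmail\.(pl|cgi)$", re.IGNORECASE)}


def map_to_file(uri):
    """Translate a URL path to a file path: server-level aliases win over the docroot."""
    for prefix, target in SCRIPT_ALIASES.items():
        if uri.startswith(prefix):
            return posixpath.join(target, uri[len(prefix):])
    return posixpath.join(DOCROOT, uri.lstrip("/"))


def walked_dirs(path):
    """Directories whose .htaccess is consulted: every ancestor of the mapped file."""
    parts = posixpath.dirname(path).strip("/").split("/")
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]


def status_for(uri):
    """Return 403 if an .htaccess on the walked path forbids the request, else 200.

    200 here only means "not blocked by .htaccess" in this simplified model.
    """
    path = map_to_file(uri)
    for directory in walked_dirs(path):
        rule = HTACCESS.get(directory)
        if rule is None:
            continue
        # Per-directory rules are matched against the path relative to that directory.
        if rule.search(posixpath.relpath(path, directory)):
            return 403
    return 200


if __name__ == "__main__":
    for uri in ("/formmail.pl", "/sub/FormMail.CGI", "/cgi-bin/formmail.pl"):
        print(uri, "->", map_to_file(uri), status_for(uri))
```

The aliased request never passes through the account's document root, so the rule there is never read; a block for `/cgi-bin/formmail.pl` has to live in the server configuration or in an .htaccess on the aliased directory's own path, both of which belong to the host.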

brandi01




msg:1511571
 11:04 pm on Jan 29, 2003 (gmt 0)

Thanks so much, Jim.

I already have a local cgi-bin for my own scripts, so I will take your explanation and see if they can do what you suggest. I just really don't want to end up on a blacklist because of this, which I don't have much control over (except to switch hosts).

Thanks again,
-brandi

jdMorgan




msg:1511572
 11:08 pm on Jan 29, 2003 (gmt 0)

No problem,
You might also want to try a search here on WebmasterWorld for "formmail script" and variants. The older versions are insecure. Newer versions are better, but at least one member has posted about additional improvements.

Best,
Jim
