.htaccess help - trying to block formmail hits in my web host's central cgi-bin
brandi01

msg:1511567 | 10:20 pm on Jan 29, 2003 (gmt 0)

I hope this is the correct place to post this. I've seen & read other .htaccess threads here, so... My host has a central cgi-bin where they keep scripts for all virtual domains' use via script aliases. Recently some of my sites have been getting tons of hits for /cgi-bin/formmail.pl. I have tried in vain to block these using the following (and numerous variations of) .htaccess:

    Options +FollowSymLinks
    RewriteEngine on
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/cgi-bin/formmail\.(pl|cgi) [NC]
    RewriteRule ^.* - [F,L]

Any ideas of what I am doing wrong? A simple test with another .htaccess file (below) worked:

    RewriteEngine on
    RewriteBase /
    RewriteRule ^test_page.htm index.htm

so I am assuming that mod_rewrite is on, otherwise that wouldn't have worked (right?). Thanks for any and all ideas.
jdMorgan

msg:1511568 | 10:30 pm on Jan 29, 2003 (gmt 0)

Brandi01, try this simplified version in your top-level directory .htaccess:

    Options +FollowSymLinks
    RewriteEngine on
    RewriteRule formmail\.(pl|cgi)$ - [NC,F]

This will block any request for formmail to any directory or subdirectory of your account. Don't forget to replace the "¦" pipe character if you cut-n-paste from above. It must be a solid vertical bar. The WebmasterWorld software changes the character set or something...

Jim
brandi01

msg:1511569 | 10:46 pm on Jan 29, 2003 (gmt 0)

Thanks Jim. It somewhat worked. I can still access mydomain.com/cgi-bin/formmail.pl; I now get a 403 trying to access mydomain.com/formmail.pl. I don't know a lot about aliases, but I keep thinking that is the problem. The formmail script is not in my local cgi-bin, it is about 3 levels above my root, at the same level as the server's conf folder, if you follow me. Thanks for reminding me about changing the ¦; I forgot about that once before doing a cut and paste and banged my head against the wall for a while before catching it. Any other ideas?

-brandi
jdMorgan

msg:1511570 | 10:57 pm on Jan 29, 2003 (gmt 0)

> I don't know a lot about aliases, but I keep thinking that is the problem. The formmail script is not in my local cgi-bin, it is about 3 levels above my root, at the same level as the server's conf folder, if you follow me.

Yes, I picked up on that. The problem is that you can't do anything about that from your level. The host administrator is going to have to take care of that, since it's out of your "realm". By the time your .htaccess is executed, it's too late, because the server has already redirected that cgi-bin request at a level above your .htaccess. A better approach to suggest to them is to let you set up your own cgi-bin directory, and then place a Unix file link in it pointing to their script directory. You can then password-protect your directory to keep the bad guys out. They'd also have to remove their redirect or script-alias for cgi-bin that's currently above your account... Basically, let you call their script from a password-protected dir in your account.

Jim
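The mechanics behind Jim's answer, as an added example that is not part of the original thread: Apache resolves a ScriptAlias during URL-to-filename translation, so a request for /cgi-bin/formmail.pl is mapped into the host's central script directory, and the only .htaccess that could ever apply to it is one in that central directory (which a host normally locks down with AllowOverride None). The customer's .htaccess under her DocumentRoot is never consulted. The fragments below show the server-level configuration that produces this behaviour, the per-vhost block the host can apply without giving up the shared cgi-bin (a <Location> container matches the URL, not the filesystem path, so it survives the alias), and the customer-side .htaccess for the own-cgi-bin arrangement Jim suggests. All paths, the domain name and the directory layout are assumptions for illustration; the access-control syntax is the Apache 1.3/2.0/2.2 form in use when the thread was written (Apache 2.4 replaces Order/Deny with "Require all denied").

```apache
# Added example, not from the original thread. Every path, hostname and
# directory layout below is an assumption chosen for illustration.

# ---- (1) httpd.conf: the host's shared cgi-bin -------------------------
# ScriptAlias maps the URL prefix to a directory outside every customer's
# DocumentRoot. Because the request resolves to a file in THIS directory,
# only this directory's .htaccess (if any were allowed) could affect it.
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
<Directory "/usr/local/apache/cgi-bin/">
    AllowOverride None        # customers' .htaccess files are irrelevant here
    Options None
    Order allow,deny
    Allow from all
</Directory>

# ---- (2) httpd.conf, per vhost: what the host can do centrally ----------
<VirtualHost *:80>
    ServerName mydomain.com
    DocumentRoot "/home/brandi/public_html"

    # <LocationMatch> is evaluated against the URL after alias resolution,
    # so it blocks the aliased script even though no .htaccess can.
    # Result: 403 Forbidden, and the CGI is never executed.
    <LocationMatch "^/cgi-bin/formmail\.(pl|cgi)$">
        Order allow,deny
        Deny from all
    </LocationMatch>

    # Alternative the thread proposes: give this vhost its own cgi-bin
    # (overriding the global alias for this host only) and let the
    # customer's .htaccess govern it. formmail.pl inside that directory
    # may be a symlink into /usr/local/apache/cgi-bin/, hence FollowSymLinks.
    ScriptAlias /cgi-bin/ "/home/brandi/public_html/cgi-bin/"
    <Directory "/home/brandi/public_html/cgi-bin">
        AllowOverride AuthConfig FileInfo Options
        Options +ExecCGI +FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

# ---- (3) /home/brandi/public_html/cgi-bin/.htaccess ---------------------
# Only meaningful once (2)'s per-vhost ScriptAlias points here.
# Password-protect the form handler, as suggested in the thread.
AuthType Basic
AuthName "Form handler"
AuthUserFile "/home/brandi/.htpasswd"    # create with: htpasswd -c /home/brandi/.htpasswd someuser
Require valid-user

# Belt and braces: refuse the bare script name anywhere under the account,
# case-insensitively, exactly as Jim's simplified rule does.
RewriteEngine on
RewriteRule formmail\.(pl|cgi)$ - [NC,F]
```

To confirm which layer is actually answering, request the script directly and look only at the status line (for example `curl -sI http://mydomain.com/cgi-bin/formmail.pl | head -1`): a 403 from section (2) appears in the vhost's error log with the host's central path, while a 403 from section (3) references the customer's cgi-bin, so the log line tells you whether the alias was overridden. One caveat a practitioner should weigh before adopting the Basic-auth approach: a form on the public site POSTs to the handler as an anonymous visitor, so "Require valid-user" stops legitimate submissions as well as the abusive ones. Blocking the script outright (section 2) or upgrading to a FormMail version that restricts recipients, as the later reply in this thread hints, does not have that side effect.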
brandi01

msg:1511571 | 11:04 pm on Jan 29, 2003 (gmt 0)

Thanks so much, Jim. I already have a local cgi-bin for my own scripts, so I will take your explanation and see if they can do what you suggest. I just really don't want to end up on a blacklist because of this, which I don't have much control over (except to switch hosts). Thanks again,

-brandi
jdMorgan

msg:1511572 | 11:08 pm on Jan 29, 2003 (gmt 0)

No problem. You might also want to try a search here on WebmasterWorld for "formmail script" and variants. The older versions are insecure. Newer versions are better, but at least one member has posted about additional improvements.

Best,
Jim