Forum Moderators: DixonJones


Open Proxies and Blocking Entire IP Ranges

         

Blue_Wizard

11:58 pm on Feb 12, 2004 (gmt 0)

10+ Year Member



is there a way with htaccess to block all CONNECT and POST requests for people probing for open proxies such as this:

64.6X.X16.141 - - [12/Feb/2004:08:47:29 -0500] "POST http://64.6X.X16.141:25/ HTTP/1.1" 200 240
64.6X.X16.141 - - [12/Feb/2004:08:47:31 -0500] "CONNECT vmb-ext.prodigy.net:25 HTTP/1.0" 200 231

[edited by: DaveAtIFG at 4:25 pm (utc) on Feb. 13, 2004]
[edit reason] Obscured IP [/edit]

wkitty42

12:48 am on Feb 13, 2004 (gmt 0)

10+ Year Member



specifically looking at those two, you might be able to trigger on the ":25" portion of the attempted URL...

off the top of my head, maybe something like this...

RewriteCond %{REQUEST_URI} \:25(/)?$
RewriteRule .* - [F]

i think that will do it... it should catch :25 or :25/ at the end of the request...

this might be better off in the apache forum, too... i dunno... i currently don't have any way of testing this but i know that there are quite a few, here, that are very good with the regexes...

FineWare

2:52 am on Feb 14, 2004 (gmt 0)

10+ Year Member



If you're going to do a mod_rewrite, better to do all of 'em:
# Forbid any request whose request line starts with CONNECT or POST
RewriteCond %{THE_REQUEST} ^CONNECT.* [OR]
RewriteCond %{THE_REQUEST} ^POST.*
RewriteRule .* - [F]

Mark.

wkitty42

1:58 am on Feb 21, 2004 (gmt 0)

10+ Year Member



fineware,

for the CONNECTs, that would work... however, if you have a server side scripted site (php, pl, asp, jsp, etc) then you will need to allow POST thru for at least your site... then you run into the problem of folks blocking the referer and you not being able to tell if they hit the link from a page on your site...

since my site isn't undergoing that type of abuse, my answer was a possible solution but one that works only if the port number is specified...

i guess maybe it's best to hit one target at a time rather than trying to think/dig deeper and stop them all at once ;)
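Added example, not part of any post in this thread: a log check that separates the proxy probes shown in the first post from the ordinary form POSTs the last post says must stay allowed. The hostnames in `OWN_HOSTS`, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hostnames this server legitimately answers for.
OWN_HOSTS = {"www.example.com", "example.com"}

# Common Log Format: client ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

# Constructed sample lines (documentation addresses), modelled on the thread's log.
SAMPLE = [
    '192.0.2.10 - - [12/Feb/2004:08:47:29 -0500] "POST http://198.51.100.7:25/ HTTP/1.1" 200 240',
    '192.0.2.10 - - [12/Feb/2004:08:47:31 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 231',
    '203.0.113.5 - - [12/Feb/2004:09:01:02 -0500] "POST /contact.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Feb/2004:09:01:09 -0500] "GET http://www.example.com/ HTTP/1.1" 200 4096',
]

def classify(line, own_hosts=OWN_HOSTS):
    """Return (client, reason) for a proxy-probe request, or None if it looks normal."""
    m = CLF.match(line)
    if not m:
        return None  # not a CLF line; ignore rather than guess
    client, request, status = m.groups()
    parts = request.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        # CONNECT carries host:port as its target; a plain web server never needs it.
        return client, f"CONNECT tunnel to {target} (status {status})"
    if "://" in target:
        # Absolute URL as target: a probe only if it names a host that is not ours.
        host = (urlsplit(target).hostname or "").lower()
        if host not in own_hosts:
            return client, f"{method} relayed to {host or target} (status {status})"
    return None  # origin-form request such as "POST /contact.php"

def find_probes(lines, own_hosts=OWN_HOSTS):
    """Collect (client, reason) for every line that classify() flags."""
    return [hit for hit in (classify(l, own_hosts) for l in lines) if hit]

if __name__ == "__main__":
    for client, reason in find_probes(SAMPLE):
        print(client, reason)
```

The status code is kept in the reason because a 2xx answer to one of these requests is worth a manual check that the server did not actually relay anything.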