First, let me say that I run a IIs site and am using a product from Qwerksoft to implement rewrite rules. I've been using it for over a year to perform a 301 redirect from non-www to www pages and it has worked flawlessly so far.

My new problem is that I've detected some hacking attempts to my shopping cart and I want to make it easier for me to spot and later block these people.

What I want to do is send people who try to directly access any of my access database files, as well as my global.asa file.

I've already tried this set of rules, but they have had no effect:

RewriteRule global\.asa /protected/trap.asp [L]
RewriteRule \.mdb$ /protected/trap.asp [L]

I'm now thinking of these:

RewriteRule .*global\.asa.* /protected/globalasatrap.asp [L]
RewriteRule .*\.mdb.* /protected/mdbtrap.asp [L]<br>

Should either of these work? Does anyone else use rewrite rules to log hacker attempts and how do you do it?

My idea is to redirect anyone attempting to access certain files to a script that will add their IP to a database and then send me an email.