Forum Moderators: phranque
Wondering if there's a way to deny site wide access to any url requesting
test.txt using .htaccess
Thanks.
[edited by: jdMorgan at 2:14 pm (utc) on Feb. 6, 2008]
[edit reason] example.com [/edit]
Many thanks to Jim.
It will stop this and attacks you don't already know about.
Easily installs / integrates with apache. Needs a bit of dry run testing at first but once installed you just leave it turn away the bad guys at the door.
Mod security is telling you an exploit attempt was detected and it issued a 500 / 40x error (not that the transmitting end would recognise it as they are fire and forget).
To block it totally from accessing your server you need to deny the ip address but you do not know that before hand as different proxies / compromised devices are being used everytime.
Maybe its related, but I had to turn off SecFilterCheckURLEncoding directive because some of my legit urls use odd characters.
Look at the modsecurity_crs_10_config.conf file and set
SecRuleEngine On
