I have done extensive searching on the web, including with keywords and site:webmasterworld.com. I just cannot come up with an appropriate answer.
Basically, I am trying a technique to protect webmail. But I have a problem with a sub-directory .htaccess seeming to take precedence over the root .htaccess. I contacted the hosting company and they said that the "last option" (which I gather is [L]) may do the trick, but I cannot confirm.
Here is my set-up:
#1, I have a .htaccess in the root
#2, This .htaccess has rewrite, like so:
Options +FollowSymLinks
RewriteEngine On
# Canonicalise www.mydomain.com and the bare server IP to mydomain.com
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$ [NC]
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^111\.111\.111\.111$ [NC]
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]
ErrorDocument 403 /e403.php
ErrorDocument 404 /e404.php
# Anyone hitting the webmail folder by path on the main domain is sent to the decoy page
Redirect 301 /webmailprogram http://mydomain.com/crackergoaway
#3, I have a subdomain set up, pointing to the folder webmailprogram, such as [mywebmail.mydomain.com...]
#4, I have the folder /webmailprogram password-protected through the hosting company's utility, and that folder contains the following code in its .htaccess file:
AuthName "Password Protected Area"
AuthType Basic
AuthUserFile /usr/local/webpassword/wp001.dat
Require valid-user
Ideally, what I want to happen is that if a cracker, like one of these morfeus idiots, is scanning my site and tries to hit the folder /webmailprogram, they get redirected to /crackergoaway. This allows me to still easily track in the logs and analytics programs what they did, and it makes it impossible to get at my mail program.
However, if I access my mail through the subdomain, then I am not affected by the /crackergoaway, I just need to enter the password to get into the area.
The problem is that when the scanner hits the /webmailprogram folder, they are faced with a login for user id and password, rather than getting simply redirected. My host explained that the priority works backwards, which baffled me (I had forgotten about that, on Linux systems). This is why they said it might be solved with "last option" or [L], but did not give me a specific sample code or solution.
I just don't know how to fix that.
Now, someone may say all of this is not necessary, but I am just trying to be creative here, and it adds a bit of fun for them to get that /crackergoaway page. :-)
Thanks for the help. If I was not clear in something, I will attempt to clarify.
Don't bother trying to redirect the bad guys or serve them cute or gloating 'special' pages. These are almost always automated programs running on compromised PCs in a botnet, and most do not follow redirects.
If a particular malicious request *is* among the tiny minority that has an actual human behind it, then either they won't speak your language and your message will be meaningless to them, or if they do speak your language, they will appreciate the clues you give them about how you've detected them and protected your site. They can then improve their attack based on the info you provide and try again. Most will simply move on to easier victims, though, unless it's "personal." Therefore, any kind of 'special message' is either a waste of your time or *decreases* your security.
Since you've password-protected this directory, why not consider the job done and move on to more important things? And for other access control cases, if you decide to forbid access, then serve a simple 403-Forbidden custom error page with no information whatsoever that would be useful to a malicious agent. Provide a text link to your homepage and 'Help' page if applicable, but little else.
Jim
Okay, let's say I want to deliver just a simple 403 Forbidden, which is easy enough; how would I do this based on my set-up?
I essentially agree with what you said, but I am still curious what the principle is, that I would need to do, if I wanted to accomplish this. In other words, it's just a point of curiosity now.
121.254.231.132 11:06:04 /roundcube//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:04 /rc//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:05 /mss2//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:05 /mail//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:06 /mail2//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:06 /roundcubemail//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:07 /rms//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:07 /webmail2//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:07 /webmail//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:08 /wm//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:08 /bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:10 /round//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:10 /cube//bin/msgimport - "Toata dragostea mea pentru diavola" ...
121.254.231.132 11:06:11 - "-" ...
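One way to get the plain 403 that the follow-up question asks for, given this set-up: an added example written for this thread, not code from any poster or from the hosting company. It assumes Apache 2.2-style access control (Order/Allow/Deny and SetEnvIf, with AllowOverride permitting FileInfo, Limit and AuthConfig in .htaccess), that the subdomain mywebmail.mydomain.com has /webmailprogram as its document root so both routes share this one .htaccess, and that the Redirect line for /webmailprogram is dropped from the root .htaccess. The reason the original redirect never fired is the request phase order: authentication runs before the per-directory rewrite and Redirect fixups, but host-based access control runs before authentication, so denying there yields a 403 with no login prompt.

```apache
# /webmailprogram/.htaccess (added example; replaces the host-generated file)
# Access control runs before the Basic-auth check, so a request denied here
# gets the 403 ErrorDocument without ever being challenged for a password.

# Flag requests that arrive via the webmail subdomain (name assumed; the
# optional :port keeps this working if a client sends "host:80").
SetEnvIf Host "^mywebmail\.mydomain\.com(:[0-9]+)?$" webmail_host

# Everything else, i.e. mydomain.com/webmailprogram/..., is now 403 Forbidden.
Order Deny,Allow
Deny from all
Allow from env=webmail_host

# Subdomain visitors still have to log in: Satisfy All (the default) means
# both the Allow above and a valid user are required.
Satisfy All
AuthName "Password Protected Area"
AuthType Basic
AuthUserFile /usr/local/webpassword/wp001.dat
Require valid-user

# The root's "ErrorDocument 403 /e403.php" is inherited here, so keep that
# page free of anything useful to a scanner, as the reply above suggests.
```

On Apache 2.4 the Order/Allow/Deny lines only work with mod_access_compat loaded; without it they need to be rewritten in Require syntax. Check the result from outside with a plain request to mydomain.com/webmailprogram/ (expect 403, no WWW-Authenticate header) and to the subdomain (expect 401 with the Basic challenge).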