multiple dots in url

domain.com/.../dir/../file.php?hello=1..&val2=2...

niekas

3:57 pm on Oct 26, 2011 (gmt 0)

I noticed that some spam bots probe the site with weird requests like:

domain.com/.../dir/../file.php?hello=1..&val2=2...


Also non-existing subdomains, aka

nigeria.domain.com

I need to sanitize this. The hardest part is to detect first dot(s) after domain name.

Nothing works for me.

RewriteCond %{REQUEST_URI} /\.+(.*)$
RewriteCond %{REQUEST_URI} /[\.]+(.*)$


Why can't I detect the first dots?

lucy24

8:45 pm on Oct 26, 2011 (gmt 0)

They're not being read as literal dots. Dots in the vicinity of slashes are reserved characters with their own meaning.

[w3.org...]

I find them occasionally in my logs when a robot has misinterpreted

:: carefully avoiding eye contact with g1 ::

relative links beginning in ../ The most recent ones I could find received an automatic 400 response, meaning "I have no idea what you're asking for". That seems perfectly reasonable and you don't need to do anything more.

g1smd

12:04 am on Oct 27, 2011 (gmt 0)

Before any domain canonicalisation code:

RewriteRule \.\. [F]


The simplest solutions are the best. If that fails then

RewriteCond %{THE_REQUEST} \.\.
RewriteRule .* [F]


or similar might be useful.

lucy24

3:53 am on Oct 27, 2011 (gmt 0)

RewriteRule \.\. [F]

Yurk! :o That looks like one of those desperate-last-ditch rewrites for when you're so overrun with eight-leggedy things that you have to inspect every single incoming request. Can't he just let 'em slink off with a 400?

Don't you have to have a target, if only a null - ? (I hope so, because I recently told someone he had to or his server would explode.)

g1smd

6:09 am on Oct 27, 2011 (gmt 0)

Yes, that's a typo or two. It should be:

RewriteRule \.\. - [F]


or

RewriteCond %{THE_REQUEST} \.\.
RewriteRule .* - [F]