My Setup:
OS: Linux Red Hat 9
Apache version: 2.0.40
Desired result: I want to make my log files useful again. Ultimately, I'd like to only see the real visits. I'd like to keep the MS exploits and viruses out of the logs (and bounce the request back if possible).
Current Issues: Rewrite does not return a 403 Forbidden when I manually enter a URL such as www.mydomain.com/default.ida into the address bar for testing (nor for the others: cmd.exe, etc.).
I currently do not use virtual hosts. I have incorporated the following code in my httpd.conf file.
# Ignore worms
SetEnvIf Request_URI "/(cmd\.exe|root\.exe|default\.ida|Admin\.dll|owssvr\.dll|nsiislog\.dll|httpodbc\.dll)$" DontLog
RewriteEngine On
RewriteLog /var/log/httpd/rewrite_log
RewriteLogLevel 1
RewriteCond %{REQUEST_URI} "/(cmd\.exe|root\.exe|default\.ida)$"
RewriteRule ^.*$ - [F]
CustomLog /var/log/httpd/access_log common env=!DontLog
I do have LoadModule rewrite_module modules/mod_rewrite.so in the httpd.conf file so I believe rewrite is active.
When I do a test query for www.mydomain.com/default.ida, the error_log is updated, but the rewrite_log is not. I don't get a 403 forbidden, I get a 404 page not found when I try to open the "default.ida" page in a browser.
Questions: Is my task more difficult since I am trying to put this into httpd.conf instead of an .htaccess file? Is it true that I may see better performance if I can get it to work properly in the httpd.conf file?
Thanks.
Welcome to WebmasterWorld [webmasterworld.com]!
> I do have LoadModule rewrite_module modules/mod_rewrite.so in the httpd.conf file so I believe rewrite is active.
It doesn't sound like mod_rewrite is active to me, so find out using a simple rewrite first:
RewriteRule ^/silly\.html$ /index.html [L]
You'll need Options +FollowSymLinks or Options +SymLinksIfOwnerMatch and also AllowOverride FileInfo Options configured at a minimum, in order to use mod_rewrite in an .htaccess context. Performance in httpd.conf will be better, because the code is compiled on start-up, whereas it is interpreted for each HTTP request if executed in .htaccess. Sometimes, though, testing in .htaccess can be much more convenient, since it doesn't require a server restart for each change to the code. However, you need to be aware of the subtle differences between running in these two contexts. Just for an example, the URLs tested by RewriteRule in .htaccess have been stripped of their leading slash, whereas the slash remains intact in httpd.conf (as illustrated by "^/silly\.html$" above).
Just a comment: You don't need quotes on your RewriteCond pattern, or "^" or "$" on the RewriteRule pattern ".*"
Jim
I tried this (with the suggested simple rewrite and minus the ", ^, and $) in the httpd.conf file.
# Ignore worms
SetEnvIf Request_URI /(cmd\.exe|root\.exe|default\.ida|Admin\.dll|owssvr\.dll|nsiislog\.dll|httpodbc\.dll) DontLog
RewriteEngine On
RewriteLog /var/log/httpd/rewrite_log
RewriteLogLevel 9
RewriteRule ^/silly\.html$ /index.html [L]
RewriteCond %{REQUEST_URI} /(cmd\.exe|root\.exe|default\.ida)
RewriteRule .* - [F]
CustomLog /var/log/httpd/access_log common env=!DontLog
I went to the browser, opened www.mydomain.com/silly.html but received a 404 file not found... so it didn't redirect it to the index.html file. (I do have an index.html file in my dir.)
I checked in the Dynamic Shared Object (DSO) support section and the LoadModule rewrite_module modules/mod_rewrite.so is there. I did some searching again, but didn't see if I have to do something more to make the module load.(?) The mod_rewrite.so file is in my /usr/lib/httpd/modules dir.
As a note, I have the code in the custom log section of the httpd.conf file.
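An added example, not part of any post in this thread: a Python filter that applies the thread's SetEnvIf pattern to an existing Common Log Format access log after the fact, so probe requests can be separated from real visits. The function names and sample log lines are constructed for illustration; the query string is stripped before matching, as Apache does for Request_URI.

```python
import re
from collections import Counter

# Same probe names as the SetEnvIf pattern in the thread (solid pipes).
WORM_RE = re.compile(
    r"/(cmd\.exe|root\.exe|default\.ida|Admin\.dll|owssvr\.dll"
    r"|nsiislog\.dll|httpodbc\.dll)$"
)

# Common Log Format: host ident user [time] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

def request_path(request):
    """Return the URL path of a request line, without the query string."""
    parts = request.split()
    if len(parts) < 2:
        return None  # malformed or empty request line such as "-"
    return parts[1].split("?", 1)[0]

def split_log(lines):
    """Split CLF lines into (kept, probes_by_host, unparsed)."""
    kept, probes, unparsed = [], Counter(), []
    for line in lines:
        m = CLF_RE.match(line.rstrip("\n"))
        path = request_path(m.group("request")) if m else None
        if path is None:
            unparsed.append(line)          # keep for manual review
        elif WORM_RE.search(path):
            probes[m.group("host")] += 1   # count probes per source
        else:
            kept.append(line)
    return kept, probes, unparsed

SAMPLE = [  # constructed lines using documentation-range addresses
    '192.0.2.10 - - [12/Oct/2003:10:01:02 -0400] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.7 - - [12/Oct/2003:10:01:05 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 284',
    '198.51.100.7 - - [12/Oct/2003:10:01:06 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 282',
    '203.0.113.9 - - [12/Oct/2003:10:02:00 -0400] "GET /docs/cmd.exe.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Oct/2003:10:02:30 -0400] "-" 408 -',
]

if __name__ == "__main__":
    kept, probes, unparsed = split_log(SAMPLE)
    print(len(kept), dict(probes), len(unparsed))
```

The `$` anchor keeps a legitimate path such as /docs/cmd.exe.html in the log, while a probe carrying a query string is still caught because only the path is matched.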