mod_rewrite to forbid long REQUEST_URIs

Forum Moderators: phranque

Message Too Old, No Replies

mod_rewrite to forbid long REQUEST_URIs

longjohn

8:42 am on Jun 15, 2005 (gmt 0)

Hi,
as a security measure I'd like to block long, say 200 chars, requests. That's what I've done (virtual host context):

RewriteCond %{REQUEST_URI} /.{200,}
RewriteRule ^/.* - [F,L]

This is working fine, but if I want to extend the trick to requests longer than 255 chars (i.e. /.{256,}) I get the following error:

# apachectl configtest
Syntax error on line 28 of /usr/local/apache/conf/vhosts/testsite.conf:
RewriteCond: cannot compile regular expression '/.{256,}'

- Can I overcome the problem?
- Anyone could suggest another way to forbid long requests?

Any help would be greaty appreciated, thank you.

jdMorgan

2:28 pm on Jun 15, 2005 (gmt 0)

longjohn,

Welcome to WebmasterWorld!

There are several basic settings in Apache to limit the size of requests -- See the Apache core [httpd.apache.org] documentation, and see LimitRequestLine for one example.

Jim

longjohn

7:33 am on Jun 17, 2005 (gmt 0)

Thanks a lot Jim.
Good hint, but this directive has a server config context.
I have many vhosts and would like to limit requests according to a per virtual host policy.
Mod_rewrite would be great, if only I could get it work with long (>255) URIs.