URL Redirect - Bad URL's

Fix it!!

URL Redirect - Bad URL's

Postby sharingsunshine » Tue Feb 03, 2009 8:33 am

I have a program that captures bad page requests and sends an email informing me of the request. Over the years, I have been able to take the majority of those requests and redirect them to a discontinued page. This works great except when the hackers insert entity codes in the url.

For example:
http://www.anydomain.com/%22http://www. ... /page.html

I can stop the http insertion except when %22 or any other entity is used. How do I pattern match for entities?

Here is what I have tried:

RewriteCond %{QUERY_STRING} ^site=http:(.+)?$ [OR]
RewriteCond %{THE_REQUEST} ^\%22http:(.+)$
RewriteRule ^.+$ http://www.theherbsplace.com/discontinued.html? [R=301,L]

The QUERY_STRING rule is for this kind of url:
http://www.anydomain.com/example.php?si ... .199/1.gif?

I appreciate your help in the past.

Thanks,

Randal
sharingsunshine
 
Posts: 55
Joined: Tue Dec 19, 2006 5:32 am

Postby richardk » Tue Feb 03, 2009 11:23 am

THE_REQUEST contains (for example for http://httpd.apache.org/docs/2.2/mod/core.html)
Code: Select all
GET /docs/2.2/mod/core.html HTTP/1.1


Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} ^site=http:(.*)$ [NC,OR]
RewriteCond %{THE_REQUEST} \ \%22http:([^\ ]*)\  [NC]
RewriteRule . http://www.theherbsplace.com/discontinued.html? [R=301,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: Google [Bot] and 2 guests

cron