Web Servers on Unix and Linux - stop path transveral?

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers on Unix and Linux > November 2006 > stop path transveral?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author stop path transveral?
Ken Williams

2006-11-07, 1:15 pm

I'm running apache 1.3.37 on linux 2.4. How can I block or stop the
following? I had something like this bring my server down a month ago.
For example I want to stop the /../ stuff from happening. mod_rewrite
can do this across all sites? I think this was from a site leecher or
spider gone crazy?


64.90.169.94 www.mysite.com - [10/Sep/2006:14:13:41 -0400] "GET
http://www.mysite.com/news/../conta...ts/../style.css HTTP/1.0"
200 4844 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.90.169.94 www.mysite.com - [10/Sep/2006:14:13:41 -0400] "GET
http://www.mysite.com/news/../conta...me/welcome.html
HTTP/1.0" 200 17325 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.90.169.94 www.mysite.com - [10/Sep/2006:14:13:41 -0400] "GET
http://www.mysite.com/news/../conta...book/index.html
HTTP/1.0" 200 25822 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.90.169.94 www.mysite.com - [10/Sep/2006:14:13:41 -0400] "GET
http://www.mysite.com/news/../conta.../news/news.html
HTTP/1.0" 200 30947 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.90.169.94 www.mysite.com - [10/Sep/2006:14:13:42 -0400] "GET
http://www.mysite.com/news/../conta...ct/contact.html
HTTP/1.0" 200 31888 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.90.169.94 www.mysite.com - [10/Sep/2006:14:13:42 -0400] "GET
http://www.mysite.com/news/../conta...me/welcome.html
HTTP/1.0" 200 17325 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


kenw232@yahoo.com
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com