> I'm getting a lot of bogus requsts in the form of > "index.php?id=http://64.15.67.17/~babysona/logo.jpg?";, sometimes more > than a hundred a day per domain. The php script catches it, logs the > request, sends an email report and replies with "access denied", but > it takes processing which I'd rather not have php busy with. (The php > script rejects anything where id=something_not_numeric.) Is there a > way for apache to catch these requests before passing it to php? Is it > more efficient for apache to handle this than php? > > Arno >
Yes, in Apache turn off userdir access In your httpd.conf file do this. UserDir disabled That way it will not process url that starts with a tildy ~... That should take care of it. Apache should then only report a 404 error to the error log for the given virtual host. -- Thanks for the reply. Is that correct htough? I always thought in the example http://mysite.com/index.php?id=http://64.15.67.17/~babysona/logo.jpg? the url started with index.php... Most the requests though look more like http://mysite.com/index.php?id=http://calebsbirth.pisem.su/caleb.htm? without the tilde. I was hoping there's a way to tell apache to block requests where id=non_numeric. Cheers Arno -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
![http://64.15.67.17/~babysona/logo.jpg?"](http://64.15.67.17/~babysona/logo.jpg?"){kind=link}
