On Nov 21, 9:26 pm, Walter McGinnis <[email protected]> wrote: > Hi, > > I was just looking at my logs and noticed a decent amount of 404s as a > result of requests trying to use php exploits. I don't use PHP on my > host at all, so I figure it's time to uniformly deny php requests with > Apache to save my Rails apps having to look up the route. > > My searching has mostly brought back how tos on redirecting TO php > rather than block it.
At a very simple level something like RewriteRule \.php$ - [F] Would rewrite any request where the url ended in .php to 403s Fred > > I did find a mention of mod_security which looks promising. I'm > wondering if it is compatible with Passenger. Any success or horror > stories for it? Configuration file you would be willing to share? > > What else do people recommend? > > Cheers, > Walter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
