I'm getting a lot of bogus requsts in the form of
index.php?id=http://64.15.67.17/~babysona/logo.jpg?;, sometimes more
than a hundred a day per domain. The php script catches it, logs the
request, sends an email report and replies with access denied, but
it takes processing which I'd
On Thursday 24 July 2008 09:14:55 Chris wrote:
I was hoping there's a way to tell apache to block requests where
id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
die(Die
Is there a
way for apache to catch these requests before passing it to php? Is it
more efficient for apache to handle this than php?
2 x yes. I think you could probably use LocationMatch and ban all access
with Deny from all.
/Per Jessen, Zürich
--
Thanks for replying Per. Isn't Deny from
I was hoping there's a way to tell apache to block requests where
id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
die(Die hacker die!);
}
}
I'm sure there would
Børge Holen wrote:
On Thursday 24 July 2008 09:14:55 Chris wrote:
I was hoping there's a way to tell apache to block requests where
id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
Thanks, I'm already doing something like that, but I want to stop it getting
to php.
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
Ask on an apache list how to use it.
--
Postgresql php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To
I was hoping there's a way to tell apache to block requests where
id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
die(Die hacker die!);
}
}
I'm sure there would
On Thursday 24 July 2008 09:38:57 Chris wrote:
Børge Holen wrote:
On Thursday 24 July 2008 09:14:55 Chris wrote:
I was hoping there's a way to tell apache to block requests where
id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if
Hi Arno
No, when you use Location it's not filesystem specific any more. But I've
just found out that you can't match on the query-string.
These images aren't on my server, and
the requests aren't trying to access images on my server. What I see
are requests using the php script on my server
Chris wrote:
I'm sure there would be a way to do it with ModRewrite or something
but it's 5 lines of code in php so I'd do it there *shrug*.
See my reply to Arno - in Apache it's only 2 lines of config. :-)
/Per Jessen, Zürich
--
PHP General Mailing List (http://www.php.net/)
To
I'm getting a lot of bogus requsts in the form of
index.php?id=http://64.15.67.17/~babysona/logo.jpg?;, sometimes more than a
hundred a day per domain. The php script catches it, logs the request, sends
an email report and replies with access denied, but it takes processing
which I'd rather not
Arno Kuhl wrote:
Is there a
way for apache to catch these requests before passing it to php? Is it
more efficient for apache to handle this than php?
2 x yes. I think you could probably use LocationMatch and ban all
access with Deny from all.
/Per Jessen, Zürich
--
PHP General Mailing
Arno Kuhl wrote:
I'm getting a lot of bogus requsts in the form of
index.php?id=http://64.15.67.17/~babysona/logo.jpg?;, sometimes more than a
hundred a day per domain. The php script catches it, logs the request, sends
an email report and replies with access denied, but it takes processing
13 matches
Mail list logo