[TCLUG] [OT] Apache rewrite for MS BS

Tue Aug 10 12:43:32 CDT 2004

Found this little nugget searching for an Apache rewrite rule to stop these annoying 8000 character line log entries for idiots trying to exploit an IIS vulnerability and thought I'd share:

<IfModule mod_rewrite.c>
   RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
   RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
</IfModule>

Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list