[TCLUG] [OT] Apache rewrite for MS BS

Tue Aug 10 13:13:17 CDT 2004

On Tue, Aug 10, 2004 at 12:43:32PM -0500, Josh Trutwin wrote:
> Found this little nugget searching for an Apache rewrite rule to stop these annoying 8000 character line log entries for idiots trying to exploit an IIS vulnerability and thought I'd share:
> 
> <IfModule mod_rewrite.c>
>    RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
>    RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
> </IfModule>
> 
> Josh
> 

Thanks. Looks useful.

-- 
Jim Kaufman
Linux Evangelist
public key 0x6D802619
http://www.linuxforbusiness.net

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list