One of the statistics I can access about my website is the list of pages or files that visitors requested but that did not exist. I'm sure you've seen the "404 File Not Found" error messages before. Looking at a list of these failed requests can help me identify whether any of my web pages refer to nonexistent files.
Unfortunately, the list of these requests is cluttered with things like:
/scripts/..%c0%2f../winnt/system32/cmd.exe
/_vti_bin/shtml.exe/_vti_rpc
These file references appear nowhere in links on my website, so I know they are artificial external requests that I do not want being made, since most of them are probing my website's defenses.
After some detailed investigation, I found that I could redirect these requests, which are a mixture of malicious hacking attempts and general information sweeps, to a "403 Forbidden" page which will keep them from showing up on my "404" list. This was fun to do because I got to get down and dirty with some of the Apache modules. I had fiddled with these before when getting Apache running on my home computer, but that was a while ago, and I did not dig very deep.
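What I ended up doing is adding the following lines to my .htaccess file, which I can edit through my webhost's control panel:
RewriteEngine On
# cmd.exe, root.exe or shell.exe requested below any subdirectory
RewriteRule /(cmd|root|shell)\.exe$ - [F]
# The same names at the top level (in .htaccess the pattern sees the path without its directory prefix)
RewriteRule ^(cmd|root|shell)\.exe$ - [F]
# Any path containing ".ida"
RewriteRule \.ida - [F]
# Any path containing "_vti_" (FrontPage Server Extensions paths)
RewriteRule \_vti\_ - [F]
# Any path containing ".opml"
RewriteRule \.opml - [F]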
I won't go through all the analysis of these lines, but basically they return a "forbidden" error code ([F]) if the requested file matches any of the patterns listed (the patterns are defined using regular expressions).
Now, whenever these requests are made, they will be shunted to the "403 Forbidden" error page and they won't clutter my "404 File Not Found" error list. Woo-hoo!
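To check rules like these before deploying them, here is a small tester. It is an added example, not part of the original post: the function name and the sample paths other than the two quoted above are constructed, and it assumes the .htaccess file sits in the document root and matches each path as written, without modelling Apache's URL decoding.

```python
import re

# The five patterns from the .htaccess rules above, in the same order.
RULES = [
    r"/(cmd|root|shell)\.exe$",
    r"^(cmd|root|shell)\.exe$",
    r"\.ida",
    r"\_vti\_",
    r"\.opml",
]

def htaccess_verdict(request, htaccess_dir="/"):
    """Return (403, pattern) for the first rule that fires, else (None, None)."""
    # RewriteRule patterns are matched against the path only, never the query string.
    path = request.split("?", 1)[0]
    if not path.startswith(htaccess_dir):
        return None, None
    # Per-directory context: the directory prefix is stripped before matching,
    # which is why the post needs both a "/"-prefixed and a "^"-anchored rule.
    local = path[len(htaccess_dir):]
    for pattern in RULES:
        if re.search(pattern, local):
            return 403, pattern
    return None, None

# Constructed sample requests, plus the two probe paths quoted in the post.
SAMPLES = [
    "/scripts/..%c0%2f../winnt/system32/cmd.exe",  # from the post
    "/_vti_bin/shtml.exe/_vti_rpc",                # from the post
    "/cmd.exe",                                    # top-level probe
    "/default.ida",                                # .ida probe
    "/archives/old-post.html",                     # ordinary page
    "/index.html?file=cmd.exe",                    # query string is ignored
    "/travel/map.idaho.html",                      # unanchored \.ida also hits this
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status, pattern = htaccess_verdict(sample)
        print(f"{sample:45} -> {status or 'pass'} {pattern or ''}")
```

The last sample shows that the unanchored patterns match anywhere in the path, so a legitimate file whose name happens to contain ".ida" or ".opml" would also be refused.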
Posted by Rob Reid at January 7, 2004 08:53 AM