block php requests

hinnack

Jan 20, 2015, 6:55:40 AM
to django...@googlegroups.com
Hi,

I get a lot of intrusion checks on my website - especially for PHP (WordPress, Joomla, …).
Today they all raise 404 errors in python-django - so if you have emails enabled for 404 errors…

What is the best way to block those requests in a standard apache deployment?

regards

Hinnack

Avraham Serour

Jan 20, 2015, 7:10:43 AM
to django...@googlegroups.com
You can tell Apache to get any request ending with .php and return 404 from Apache without passing the request to Django.
You could return something else like 403 and ban the IP for some time.

hinnack

Jan 21, 2015, 3:32:15 AM
to django...@googlegroups.com
Hi,
thanks for your reply.
Blocking all requests in Apache seems to be the best way. Can you give an example of how to do that?
A new Files section does not do the trick:

    <Files ~ "^.*\.([Pp][Hh][Pp])$"> #PHP protection
        order allow,deny
        deny from all
        satisfy all
    </Files>

Collin Anderson

Jan 22, 2015, 9:03:08 PM
to django...@googlegroups.com
Hi,

I had broken link emails enabled for a while. Over time, my nginx.conf config grew into this:

    # "return 444" is nginx-specific: close the connection without sending a response
    location /_vti_inf.html { return 404; }
    location /crossdomain.xml { return 404; }
    location ~/cache/eb91756ae6745d22433f80be4ec59445$ { return 404; } # some sort of plugin?
    location ~\.php$ { return 444; }
    location ~\.aspx?$ { return 444; }
    location /account/submit/add-blog { return 444; }
    location /blogs/my_page/add { return 444; }
    location /my_blogs { return 444; }
    location /YaBB { return 444; }
    location /signup { return 444; }
    location /register { return 444; }
    location /user/register { return 444; }
    location /member/register { return 444; }
    location /forum/member/register { return 444; }
    location /tools/quicklogin.one { return 444; }
    location /mt.js { return 444; }
    location ~\[PLM=0\] { return 444; }

I eventually just turned off the 404 emails and was able to delete all of that config :)

Actually, if you put an <img src="/report_broken_link/"> (or do a similar request with ajax) on your 404 page, that would filter out a lot of spam.

Collin
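
An Apache counterpart to the `~\.php$` nginx rule above, added here as an example and not taken from any poster's configuration. It assumes Django is mounted through mod_wsgi's WSGIScriptAlias (the thread only says "standard apache deployment"); the wsgi.py path is a placeholder.

```apacheconf
# Added example. Assumption: Django is served via mod_wsgi; the path below
# is a placeholder, not a path from the thread.
WSGIScriptAlias / /srv/example/project/wsgi.py

# Why the <Files> section does not help in this setup:
# <Files> is matched against the name of the file on disk that the request
# maps to. With WSGIScriptAlias every URL maps to wsgi.py, so a pattern for
# *.php is never matched by a request such as /wp-login.php.

# <LocationMatch> is matched against the URL path instead. Access control
# is evaluated before the request is handed to the WSGI handler, so a denied
# request gets a 403 from Apache and Django never sees it (and therefore
# never sends a 404 email for it).
<LocationMatch "(?i)\.php$">
    # Apache 2.4 (mod_authz_core)
    Require all denied

    # Apache 2.2 equivalent, matching the directives used in the thread:
    # Order allow,deny
    # Deny from all
</LocationMatch>
```

Validate with `apachectl configtest` before reloading; the denied probes then show up in the Apache access log with status 403.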