Chris wrote:
> I'm sure there would be a way to do it with ModRewrite or something
> but it's 5 lines of code in php so I'd do it there *shrug*.
See my reply to Arno - in Apache it's only 2 lines of config. :-)
/Per Jessen, Zürich
--
PHP General Mailing List (http://www.php.net/)
To unsubscri
Hi Arno
No, when you use it's not filesystem specific any more. But I've
just found out that you can't match on the query-string.
> These images aren't on my server, and
> the requests aren't trying to access images on my server. What I see
> are requests using the php script on my server to tr
On Thursday 24 July 2008 09:38:57 Chris wrote:
> Børge Holen wrote:
> > On Thursday 24 July 2008 09:14:55 Chris wrote:
> >>> I was hoping there's a way to tell apache to block requests where
> >>> id=non_numeric.
> >>
> >> It's trying to do a remote inclusion.
> >>
> >> It's easy for you to fix in
> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
die("Die hacker die!");
}
}
I'm sure there woul
> Thanks, I'm already doing something like that, but I want to stop it getting
> to php.
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
Ask on an apache list how to use it.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To u
Børge Holen wrote:
> On Thursday 24 July 2008 09:14:55 Chris wrote:
>>> I was hoping there's a way to tell apache to block requests where
>>> id=non_numeric.
>> It's trying to do a remote inclusion.
>>
>> It's easy for you to fix in php:
>>
>> if (isset($_GET['id'])) {
>> if (!is_numeric($_GET
> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
die("Die hacker die!");
}
}
I'm sure there woul
> Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?
2 x yes. I think you could probably use and ban all access
with "Deny from all".
/Per Jessen, Zürich
--
Thanks for replying Per. Isn't "Deny from all" mor
On Thursday 24 July 2008 09:14:55 Chris wrote:
> > I was hoping there's a way to tell apache to block requests where
> > id=non_numeric.
>
> It's trying to do a remote inclusion.
>
> It's easy for you to fix in php:
>
> if (isset($_GET['id'])) {
> if (!is_numeric($_GET['id'])) {
>
> I'm getting a lot of bogus requsts in the form of
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?";, sometimes more
> than a hundred a day per domain. The php script catches it, logs the
> request, sends an email report and replies with "access denied", but
> it takes processing which
Arno Kuhl wrote:
I'm getting a lot of bogus requsts in the form of
"index.php?id=http://64.15.67.17/~babysona/logo.jpg?";, sometimes more than a
hundred a day per domain. The php script catches it, logs the request, sends
an email report and replies with "access denied", but it takes processing
w
Arno Kuhl wrote:
> Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?
2 x yes. I think you could probably use and ban all
access with "Deny from all".
/Per Jessen, Zürich
--
PHP General Mailing List (http:
12 matches
Mail list logo
