I'm administering an Apache server that runs PHP-based Webapps that I have not written and cannot change. These Webapps are being successfully attacked. Here's an example from the log:
66.57.121.127 - - [19/Dec/2005:19:50:46 -0800] "GET /phplive/image_tracker.php?l=Bob&x=1&deptid=0&page= http%3A//www.pcbpro.com/pcb-quote.php%3FWT.mc_id%3D psepi00003%26referrer%3Dhttp%253a%252f%252fz-quest.com %252fgo.php%253fidUser%253d36%2526z%253dasaphczzhihd %2526idXmlFeed%253d37%2526idKeyword%253d145%2526 idSearchStatus%253d2%2526st%253d%2526url%253duggc %253a%252f%252fgkpyvpx.rcvybg.pbz%252fpyvpx.nfck %2540aoavhy%2540x%253dryrpgebavpf%2540aoaphy%2540o %253d700%2540aoaphy%2540c%253drcvybg%2540aoaphy %2540f%253dmdhrfgz%2540aoaphy%2540cbf%253d1%2540aoaphy %2540g%253d24%2540aoaphy%2540xvq%253dQP8N5Q43-Q517-40O0- 87Q9-P281S6QN0458%2540aoaphy%2540rc%253d255%2540aoaphy %2540fvq%253d815O3P57-3PS6-41S0-80S9-N79084865R39%2540 aoaphy%2540y%253duggc%253a%2540aoamhy%25402S%2540aoamhy %25402Sjjj.cpoceb.pbz%2540aoamhy%25402Scpo-dhbgr.cuc %2540aoamhy%25403SJG.zp_vq%253dcfrcv00003%2526ts %253danaihxzszxhdzahczmzh%2526rb%253daaaphfhpzf %2526is%253d66%25252E57%25252E121%25252E127%2526 idDomain%253d0&unique=1135050643687 HTTP/1.1" 200 43 In this example, I'd like to detect the string "go.php" and redirect the request elsewhere. I've tried to use RedirectMatch but nothing I've tried works. Here's just one example of the many, many statements I've tried: RedirectMatch 301 (.*)go\.php http://127.0.0.1 This is Apache 2.0.46 with mod_alias loaded. Ed --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
