Question: Pre-filtering all HTTP requests to the server

 
Draelen
-


Joined: 12 Nov 2006
Posts: 5

Posted: Sat Sep 12, 2009 5:53 pm    Post subject: Question: Pre-filtering all HTTP requests to the server

Hello all,

I had a quick look over various suggestions/questions, but did not see anything related to this.

Is there a way to direct all HTTP requests, regardless of their target being a folder, html or script, to a binary/script of your choosing, for you to code your own anti-hacking detection, IP filtering, etc.?

This idea is similar to PHP's "PreAppend" directive, that executes a .php script when any request to parse php code is executed. From there you can look up sql databases, decide whether to terminate the request, or allow it through, blacklist the IP from future php requests, etc.

PHP's PreAppend script execution would work fine, but it only works for HTTP requests that cause the interpreter to launch, like accessing .php scripts. It won't apply to 401s, 403s, 404s, and non-errored requests, and getting directory listings for example.

Abyss' anti-hacking protection is not that great in terms of customising it, like banning new IPs requesting specific URLs trying to exploit default installations, banning IPs depending on what HTTP referrer they used, etc.

Thanks in advance for any assistance.
pkSML
-


Joined: 29 May 2006
Posts: 890
Location: Michigan, USA

Posted: Mon Sep 21, 2009 2:11 am

Simple answer: yes.

If you're running a *simple* site, this would be a piece of cake. But if there are any other types of information your webpages/scripts might be getting (form data, file uploads, etc.), then you will be shooting yourself in the foot.
If all you have is static information, no problems then.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Draelen
-


Joined: 12 Nov 2006
Posts: 5

Posted: Mon Sep 21, 2009 6:22 pm

Unfortunately, if I understand the solution correctly, that would require every page to have code in it, and it would not prevent requests that link straight to a file, 404'ed requests, or any other that results in anything other than an HTTP 200 response.

The ideal solution is for a binary or script to be called before the server starts trying to see if the file exists, HTTP login is required, or otherwise give out any information to the client.
Draelen
-


Joined: 12 Nov 2006
Posts: 5

Posted: Sun Oct 04, 2009 12:41 am

No reply for two weeks, anyone else got any ideas? ;p
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

Posted: Mon Oct 05, 2009 1:01 pm

Draelen wrote:
No reply for two weeks, anyone else got any ideas? ;p


The only way to do so (and that's not specific to Abyss Web Server) is to redirect all requests for any file/object/URL to a single script that will decide what to do and what to serve. By the way, this is the recommended configuration in modern Web frameworks (Ruby On Rails, Django, ASP.NET MVC, and Qcodo.)

To do so, you'll have to add a URL rewriting rule that will perform an internal redirection to such a script.

If the script is in /action.php for example, the URL rewriting rule needs to be added as follows:

* Select URL Rewriting, press Add in the URL Rewriting Rules table.
* Enter in the Virtual Path Regular Expression field:

^/(.*)$

* Press Add in the Conditions table.
* Set Variable to REQUEST_FILENAME, set Operator to Is not a file, and press OK.
* Press Add one more time in the Conditions table.
* Set Variable to REQUEST_FILENAME, set Operator to Is not a directory, and press OK.
* Set If this rule matches to Perform an internal redirection.
* Set Redirect to to:

/action.php?path=$1

* Press OK.

* Press Restart to apply the changes.

The action.php script will have in its $_REQUEST['path'] variable the path that was originally requested. The script should then decide what to do based on the value of that path.
_________________
Support Team
Aprelium - http://www.aprelium.com
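A sketch of what such an action.php could look like for the filtering asked about in this thread, added here as an example (it is not Aprelium's code). Given the rule's two conditions, only requests that do not map to an existing file or directory reach the script, so it answers 403 or 404 and never serves a file from the client-supplied path. The ban-file location, the probe patterns and the referrer host are constructed placeholders.

```php
<?php
// action.php: reached through the internal redirection /action.php?path=$1.
// Added example; file locations and patterns below are assumptions.

const BAN_FILE = __DIR__ . '/../private/banned_ips.json'; // assumed path outside the web root

// Constructed sample patterns; replace with the probes seen in your own logs.
const PROBE_PATTERNS = ['#^phpmyadmin(/|$)#i', '#^admin/config\.php$#i', '#\.\.(/|\\\\|$)#'];
const BAD_REFERRER_HOSTS = ['spam.example']; // constructed sample

function load_bans(): array {
    $raw = @file_get_contents(BAN_FILE);
    $bans = $raw === false ? [] : json_decode($raw, true);
    return is_array($bans) ? $bans : [];
}

function save_ban(array $bans, string $ip, string $reason): void {
    $bans[$ip] = ['reason' => $reason, 'time' => time()];
    file_put_contents(BAN_FILE, json_encode($bans), LOCK_EX);
}

// Returns [HTTP status, reason, whether to add the IP to the ban list].
function decide(string $ip, string $path, string $referrer, array $bans): array {
    if (isset($bans[$ip])) {
        return [403, 'ip already banned', false];
    }
    foreach (PROBE_PATTERNS as $re) {
        if (preg_match($re, $path)) {
            return [403, "probe path matched $re", true];
        }
    }
    // parse_url() returns null/false for a missing or malformed host.
    $host = strtolower((string) parse_url($referrer, PHP_URL_HOST));
    if ($host !== '' && in_array($host, BAD_REFERRER_HOSTS, true)) {
        return [403, 'referrer host on block list', true];
    }
    return [404, 'no rule matched', false];
}

$ip   = $_SERVER['REMOTE_ADDR'] ?? '';
$path = is_string($_REQUEST['path'] ?? null) ? $_REQUEST['path'] : '';
$bans = load_bans();
[$status, $reason, $ban] = decide($ip, $path, $_SERVER['HTTP_REFERER'] ?? '', $bans);
if ($ban) {
    save_ban($bans, $ip, $reason);
}
// json_encode() keeps CR/LF in the requested path from forging log lines.
error_log("prefilter $status ip=$ip path=" . json_encode($path) . " reason=$reason");
http_response_code($status);
header('Content-Type: text/plain');
echo $status === 403 ? "Forbidden\n" : "Not Found\n";
```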
Draelen
-


Joined: 12 Nov 2006
Posts: 5

Posted: Tue Oct 06, 2009 10:51 am

Thank you very much, this is quite helpful.

I did not consider the rewriting aspect of Abyss, I'll certainly look into that ;p