Draelen -
Joined: 12 Nov 2006 Posts: 5
|
Posted: Sat Sep 12, 2009 5:53 pm Post subject: Question: Pre-filtering all HTTP requests to the server |
|
|
Hello all,
I had a quick look over various suggestions/questions, but did not see anything related to this.
Is there a way to direct all HTTP requests, regardless of their target being a folder, html or script, to a binary/script of your choosing, for you to code your own anti-hacking detection, IP filtering, etc.?
This idea is similar to PHP's "PreAppend" directive, that executes a .php script when any request to parse php code is executed. From there you can lookup sql databases, decide whether to terminate the request, or allow it through, blacklist the IP from future php requests, etc.
PHP's PreAppend script execution would work fine, but it only works for HTTP requests that cause the interpreter to launch, like accessing .php scripts. It won't apply to 401, 403, 404's, and non-errored requests, and getting directory listings for example.
Abyss' anti-hacking protection is not that great in terms of customising it, like banning new IP's requesting specific URLs trying to exploit default installations, banning IP's depending on what HTTP referrer they used, etc.
Thanks in advance for any assistance. |
|
|
|
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Mon Sep 21, 2009 2:11 am Post subject: |
|
|
Simple answer: yes.
If you're running a *simple* site, this would be a piece of cake. But if there are any other types of information your webpages/scripts might be getting (form data, file uploads, etc.), then you will be shooting yourself in the foot.
If all you have is static information, no problems then.
_________________
Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
|
|
Draelen -
Joined: 12 Nov 2006 Posts: 5
|
Posted: Mon Sep 21, 2009 6:22 pm Post subject: |
|
|
Unfortunately, if I understand the solution correctly, that would require every page to have code in it, and it would not prevent requests that link straight to a file, 404'ed requests, or any other that results in anything other than an HTTP 200 response.
The ideal solution is for a binary or script to be called before the server starts trying to see if the file exists, HTTP login is required, or otherwise give out any information to the client. |
|
|
|
Draelen -
Joined: 12 Nov 2006 Posts: 5
|
Posted: Sun Oct 04, 2009 12:41 am Post subject: |
|
|
No reply for two weeks, anyone else got any ideas? ;p |
|
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Mon Oct 05, 2009 1:01 pm Post subject: |
|
|
Draelen wrote: | No reply for two weeks, anyone else got any ideas? ;p |
The only way to do so (and that's not specific to Abyss Web Server) is to redirect all requests for any file/object/URL to a single script that will decide what to do and what to serve. By the way, this is the recommended configuration in modern Web frameworks (Ruby On Rails, Django, ASP.NET MVC, and Qcodo.)
To do so, you'll have to add a URL rewriting rule that will perform an internal redirection to such a script.
If the script is in /action.php for example, the URL rewriting rule needs to be added as follows:
* Select URL Rewriting, press Add in the URL Rewriting Rules table.
* Enter in the Virtual Path Regular Expression field:
^/(.*)$
* Press Add in the Conditions table.
* Set Variable to REQUEST_FILENAME, set Operator to Is not a file, and press OK.
* Press Add one more time in the Conditions table.
* Set Variable to REQUEST_FILENAME, set Operator to Is not a directory, and press OK.
* Set If this rule matches to Perform an internal redirection.
* Set Redirect to to:
/action.php?path=$1
* Press OK.
* Press Restart to apply the changes
The action.php script will have in its $_REQUEST['path'] variable the path that was originally requested. The script should then decide what to do based on the value of that path.
_________________
Support Team
Aprelium - http://www.aprelium.com |
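A sketch of an action.php that applies the kind of filtering asked about in this thread to the path handed over by the rewriting rule, as an added example that is not part of the original posts or Aprelium's code. It assumes PHP 7 or later; the blocklist location, the probe patterns and the referrer pattern are constructed placeholders.

```php
<?php
// action.php: added example, not code from the thread or from Aprelium.
// Reached only when the request matched no existing file or directory.
const BLOCKLIST = __DIR__ . '/../data/blocked_ips.txt'; // hypothetical, outside the web root
const PROBE_PATTERNS = [                                 // constructed sample patterns
    '#^(phpmyadmin|pma|myadmin)(/|$)#i',
    '#(^|/)wp-login\.php$#i',
    '#(^|/)\.(git|svn|env)(/|$)#i',
];
const BAD_REFERER = '#^https?://[^/]*spam-example\.invalid#i'; // constructed sample

function is_blocked(string $ip, string $file): bool {
    if (!is_readable($file)) return false;
    return in_array($ip, file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES), true);
}

function classify(string $path, string $referer): string {
    // $path is client-controlled: only pattern-match it, never hand it to
    // include, readfile or fopen.
    $path = ltrim($path, '/');
    foreach (PROBE_PATTERNS as $re) {
        if (preg_match($re, $path)) return 'probe';
    }
    if ($referer !== '' && preg_match(BAD_REFERER, $referer)) return 'referer';
    return 'notfound';
}

function block_ip(string $ip, string $file): void {
    file_put_contents($file, $ip . "\n", FILE_APPEND | LOCK_EX);
}

$ip      = $_SERVER['REMOTE_ADDR'] ?? '';
$path    = is_string($_REQUEST['path'] ?? null) ? $_REQUEST['path'] : '';
$referer = $_SERVER['HTTP_REFERER'] ?? '';

if (is_blocked($ip, BLOCKLIST)) {
    http_response_code(403);
    exit;
}
$verdict = classify($path, $referer);
if ($verdict !== 'notfound') {
    block_ip($ip, BLOCKLIST);
    error_log("action.php: blocked $ip ($verdict)"); // raw path is not logged
    http_response_code(403);
    exit;
}
http_response_code(404);
header('Content-Type: text/plain');
echo "Not found\n";
```

With the two REQUEST_FILENAME conditions in place, requests for existing files and directories are served without passing through this script, so the blocklist only takes effect on requests that would otherwise have been a 404.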
|
|
|
Draelen -
Joined: 12 Nov 2006 Posts: 5
|
Posted: Tue Oct 06, 2009 10:51 am Post subject: |
|
|
Thank you very much, this is quite helpful.
I did not consider the rewriting aspect of Abyss, I'll certainly look into that ;p |
|