[gentoo-user] htaccess file

[gentoo-user] htaccess file

[Joseph]

I have in my main "htaccess" file the following condition, is it still needed:
---------code------------
# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_rewrite.c>
RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
</IfModule>

<IfModule mod_setenvif.c>
   <IfDefine SSL>
     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0
   </IfDefine>
</IfModule>
------end code--------------


Can somebody enlighten me what below RewriteCond protect against? :-/

RewriteEngine On
RewriteCond %{QUERY_STRING} :/ [NC]
RewriteRule ^ - [F]

-- 
#Joseph
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] htaccess file

[Iain Buchanan]

On Fri, 2008-06-13 at 00:31 -0600, Joseph wrote:
> I have in my main "htaccess" file the following condition, is it still needed:
> ---------code------------
> # The following makes adjustments to the SSL protocol for Internet
> # Explorer browsers
> 
> <IfModule mod_rewrite.c>
> RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
> </IfModule>

hee hee!  When I had my apache webserver public, I used to get all these
requests for wierd url's like that.  Then I realised it was just the
script kiddies trying the usual exploits that didn't exist.  It's
probably safe to leave or delete as you see fit.

don't know about the rest of your questions :)

-- 
Iain Buchanan <iaindb at netspace dot net dot au>

Nothing can be done in one trip.
		-- Snider

-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] htaccess file

[darren kirby]

quoth the Iain Buchanan:
> On Fri, 2008-06-13 at 00:31 -0600, Joseph wrote:
> > I have in my main "htaccess" file the following condition, is it still
> > needed: ---------code------------
> > # The following makes adjustments to the SSL protocol for Internet
> > # Explorer browsers
> >
> > <IfModule mod_rewrite.c>
> > RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
> > RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
> > </IfModule>
>
> hee hee!  When I had my apache webserver public, I used to get all these
> requests for wierd url's like that.  Then I realised it was just the
> script kiddies trying the usual exploits that didn't exist.  It's
> probably safe to leave or delete as you see fit.

Yeah, these sorts of requests have all but dried up on my server over the last 
few years, but it was fun to have them all hammer on Microsoft's servers 
rather than mine.

> don't know about the rest of your questions :)

Me neither, but if I was to hazard a guess, I would say that:

RewriteCond %{QUERY_STRING} :/ [NC]
RewriteRule ^ - [F]

matches any query strings with ":/" in them, and returns a 403 forbidden 
error. Though, I am not sure ":/" is interpreted literally or not. Doesn't 
look like any PCRE i've seen...


> --
> Iain Buchanan <iaindb at netspace dot net dot au>
>
> Nothing can be done in one trip.
> 		-- Snider

-d
-- 
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972
-- 
gentoo-user@lists.gentoo.org mailing list