[linux] apache mod_rewrite quickie

Jonathan Nicol jnicol at backnine.org
Tue Oct 4 16:18:36 PDT 2005


Hi Cere,

I couldn't get it to work. It's a hard thing to Google for, but I read the
Apache documentation, and I don't think it's possible.

Just in case anyone wants to try this... I'm trying to use rewrite to prevent
xmlrpc.php exploits (see http://www.securityfocus.com/bid/14088).

I've got a file xmlrpchack.conf (where goodsite.com is up-to-date and needs
xmlrpc.php):
RewriteEngine On
RewriteOptions Inherit
RewriteCond %{HTTP_HOST} !www\.goodsite\.com [nocase]
RewriteCond %{REQUEST_URI} ^\/xmlrpc\.php [nocase]
RewriteRule ^(.*)$ / [F]

This works if I have "Include xmlrpchack.conf" in each vhost, but I
can't figure
out any way to have it apply to all of them. I tried just including it in
httpd.conf, also tried including it in <Directory /> and <Directory
/document/root>, and in just the first (default) vhost, none of these worked.

Ah well. Thanks anyway, Cere.


Jonathan


Quoting "Cere M. Davis" <cere at u.washington.edu>:


>

> I think you want the "RewriteOptions Inherit" command. Depending on

> how your are vhosting (ideal for a single ip and many hostnames) you

> may be able to just apply a majority of your rules the the first

> default catchall vhost stanza and then you wont have to set up

> rewrite rules for each.

>

> -Cere

>

> On Tue, 4 Oct 2005, Jonathan Nicol wrote:

>

>> Date: Tue, 04 Oct 2005 14:30:12 -0700

>> From: Jonathan Nicol <jnicol at backnine.org>

>> Reply-To: Linux/Unix Users Group at the UW <linux at u.washington.edu>

>> To: linux at u.washington.edu

>> Subject: [linux] apache mod_rewrite quickie

>>

>> Hi all,

>>

>> Quick mod_rewrite question... I've got a server with dozens of

>> Vhosts. I want a

>> RewriteRule that applies to all of them. From what I can tell, I

>> would have to

>> put the rewrite in EACH vhost (or put the rules in a seperate file,

>> and Include

>> it in EACH vhost). Is my assumption correct? Does anyone know an easier way

>> around this??

>>

>>

>> thanks

>> Jonathan

>>

>

> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

> Cere Davis

> Unix Systems Administrator - CSDE

> cere at u.washington.edu ph: 206.685.5346

> https://staff.washington.edu/cere

>

> GnuPG Key http://staff.washington.edu/cere/gpgkey.txt

> Key fingerprint = B63C 2361 3B9B 8599 ECC9 D061 3E48 A832 F455 9E7FA

>

>

>






More information about the Linux mailing list