Unix/Linux Go Back    


Red Hat Red Hat is the world's leading open source technology solutions provider with offerings including Red Hat Enterprise Linux (RHEL), Fedora, open source applications, security and systems management, virtualization, and Services Oriented Architecture (SOA) solutions.

How to block some key words in my url for apache config?

Red Hat


Reply    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 03-28-2018   -   Original Discussion by gsiva
gsiva's Unix or Linux Image
gsiva gsiva is offline
Registered User
 
Join Date: Dec 2008
Last Activity: 5 April 2018, 11:15 PM EDT
Posts: 194
Thanks: 0
Thanked 0 Times in 0 Posts
Lightbulb How to block some key words in my url for apache config?

Hi Folks,

I am running a website and that needs to be tightened with security in terms of hacking... Whereas, In my URL, when i click on certain links the entire link as contains some words like below:

Code:
/control_panel
/controlpanel
/admin
/cms

Whereas, i need to block those words in apache config file, which can only be access internally. Let me know how to achieve this ..

-Siva

Last edited by rbatte1; 03-29-2018 at 05:27 AM..
Sponsored Links
    #2  
Old Unix and Linux 4 Weeks Ago   -   Original Discussion by gsiva
dryden's Unix or Linux Image
dryden dryden is offline
Registered User
 
Join Date: Apr 2018
Last Activity: 30 April 2018, 11:29 AM EDT
Posts: 8
Thanks: 0
Thanked 2 Times in 2 Posts
In general doing this manually would be folly but I know at least that there are efforts at blocking all "bad" bots (bots with recognisable user agents)

One example is: Apache Ultimate Bad Bot Blocker (find on github).

It uses BrowserMatchNoCase or similar to match user agents and put them in a list (set an environment variable for it) which then, as a whole, is denied.

There's little point in blocking known URLs your server doesn't have, as opposed to the bots that try to access the ones you *do* have.

So blocking the URLs is pointless (ineffective if you don't have them, and disruptive if you do have them), you will have to block the activity itself.

Many bots (most bots) do not actually identify as a common user agent, even the hacker-type bots will just use something recognisable.

Alternatively, when a known URL gets hit that requires password authentication fail2ban is often employed to block individual IPs.

Last edited by dryden; 4 Weeks Ago at 07:38 AM.. Reason: Automatic merging not acceptable
Sponsored Links
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Apache virtual host config vs global config problem freebird8z Red Hat 1 04-05-2013 10:33 AM
Apache vhosts config RewriteCond to ignore part of URL crmpicco Web Programming 3 09-24-2012 01:07 PM
apache url redirection raghur77 Web Programming 0 02-28-2012 09:14 AM
Apache Virtual URL wuschelz Web Programming 3 02-04-2011 04:58 PM
Apache, hiding the url blesets UNIX for Dummies Questions & Answers 2 07-12-2005 01:08 PM



All times are GMT -4. The time now is 09:09 PM.