
| Subject: | RE: rewrite rule for apache |
|---|---|
| Date: | Wed, 6 Sep 2006 09:29:30 -0500 |
-----Original Message-----
From: bituman [mailto:bituman@enerla.net]

I want to protect a directory, better to say its contents, from people downloading it if they are not coming from a specified page. Now, I understand that the following code redirects *vicodin.* to a standard error page.
This shouldn't be thought of as a "protection", but more like a search engine interference, or anti-leeching mechanism. Since there are a myriad of ways someone could forge the REFERER field of the HTTP Header...
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)vicodin(-|.).*$ [NC,OR]
< ...lots of other rules go here...>
RewriteRule .* - [F,L]
What rewrite rules should I use if I want users from
index.php?option=login to access the content and everyone
else to be redirected to the standard error page?
Is it even possible to use get style params in the referer field?
Yeah, it's just a regex. You can Google TONS of docs on
this pretty quickly. Here's an example (I haven't tested,
YMMV) if you wanted to verify the REFERER field for a URL
param and then lacking that param, rewrite the request URI
based upon conditions like file extension (brackets commented):
/*IfModule mod_rewrite.c*/
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?index.php(\?)option=login [NC]
RewriteCond %{REQUEST_URI} !^/avatar/leech.gif [NC]
RewriteRule \.(gif|jpg|jpeg|png|bmp|swf)$ http://www.anachronic.com/images/avatar/leech.gif [R,NC]
/*/IfModule*/
1. Turns on
2. Catches blank referer
3. Catches your URL param
4. Ignores custom error URI
5. Rewrites URI based upon specific content (extensions) requested
You could also add frame-busting code here, or many other
things, all of which you should find pretty quickly with
our friend Google.
Arian J. Evans
Software Security Person
+1.913.378.3571 [mobile]
"See? That was nothing. But that's how it
always begins. Very small." -Egg Shen
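
As an added example (not part of the original message), this Python sketch models how mod_rewrite evaluates the second rule set against constructed requests: the RewriteRule pattern is matched first, then the RewriteCond chain, which is ANDed because no [OR] flag is present. The host www.example.com in the referer pattern, the function name and all sample requests are assumptions.

```python
import re

# Assumption: the site host is the placeholder www.example.com.
LOGIN_REFERER = re.compile(
    r"^https?://(www\.)?example\.com/index\.php\?option=login", re.I)  # [NC]
LEECH_URI = re.compile(r"^/avatar/leech\.gif", re.I)                   # [NC]
RULE_PATTERN = re.compile(r"\.(gif|jpg|jpeg|png|bmp|swf)$", re.I)      # [NC]


def decide(uri, referer=""):
    """Return 'redirect' or 'serve' for one request.

    mod_rewrite tests the RewriteRule pattern first, then the conditions.
    Conditions without [OR] are ANDed, so the redirect fires only when
    every one of them is true.
    """
    if not RULE_PATTERN.search(uri):
        return "serve"                      # rule does not apply to this URI
    conds = (
        referer != "",                      # RewriteCond %{HTTP_REFERER} !^$
        not LOGIN_REFERER.search(referer),  # referer is not the login page
        not LEECH_URI.search(uri),          # not the excluded image URI
    )
    return "redirect" if all(conds) else "serve"


# Constructed sample requests: (request URI, Referer header value)
SAMPLES = [
    ("/files/a.jpg", "http://www.example.com/index.php?option=login"),
    ("/files/a.jpg", "http://other.example.net/gallery.html"),
    ("/files/a.jpg", ""),
    ("/avatar/leech.gif", "http://other.example.net/gallery.html"),
    ("/files/readme.txt", "http://other.example.net/gallery.html"),
]

if __name__ == "__main__":
    for uri, ref in SAMPLES:
        print(f"{decide(uri, ref):8}  {uri:20}  referer={ref or '(none)'}")
```

A request with no Referer is served, and the outcome rests only on a header the client supplies, which is why the reply calls this an anti-leeching mechanism rather than protection.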