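# Method filter: answer TRACE, TRACK and CONNECT with 403 Forbidden.
# GET, POST and every other method pass through untouched.
# Apache only recognises a comment when '#' starts the line, so each comment
# sits on its own line and never trails a directive.
# TRACE (and TRACK, its IIS counterpart) echo the request back to the client,
# which is the basis of cross-site tracing; CONNECT is proxy tunnelling.
# In server or virtual-host context, core's `TraceEnable off` disables TRACE
# without depending on mod_rewrite.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|CONNECT)
RewriteRule .* - [F]

# Refuse proxy-style requests whose target is an absolute URL
# (GET http://... or GET ftp://...).
# NOTE(review): in per-directory (.htaccess) context the pattern is matched
# against a path relative to the directory, so it cannot begin with "http://"
# there; in server context, whether an absolute-URI request line reaches this
# pattern depends on the proxy setup -- confirm with a test request.
# Keeping `ProxyRequests Off` (the default) is the primary control against
# open-proxy abuse.
RewriteRule ^(http|ftp)://.* - [F]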
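# Protection against well-known probe URLs that target IIS.
# RedirectMatch is provided by mod_alias, so the section is guarded on
# mod_alias.c; a mod_rewrite.c guard would skip or apply these lines for the
# wrong reason.
# NOTE(review): the bracketed target "[machin.bidule.net]" looks like a
# placeholder or leftover link markup -- replace it with an absolute URL
# before deploying. On an Apache host these IIS paths do not exist, so a plain
# 403/404 is enough; a permanent redirect only sends the scanner's traffic on
# to another host.
# NOTE(review): the dots in cmd.exe, root.exe and the host names are
# unescaped, so they match any character; the patterns are looser than they
# read.
<IfModule mod_alias.c>
    RedirectMatch permanent (.*)cmd.exe(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)root.exe(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/msadc\/(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/MSADC\/(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ [machin.bidule.net]
    # As written this matches the literal path segment "/x90/"; presumably a
    # \x90 byte was intended -- TODO confirm.
    RedirectMatch permanent (.*)\/x90\/(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)esearchall.com(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*).yoomy.com(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)vote.qq.com(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)\/config\/login\?(.*)$ [machin.bidule.net]
    RedirectMatch permanent (.*)adbrite.com(.*)$ [machin.bidule.net]
</IfModule>

# Method filter: 403 for TRACE, TRACK and CONNECT, and for proxy-style
# absolute-URL requests. Guarded so the configuration still loads when
# mod_rewrite is absent.
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|CONNECT)
    RewriteRule .* - [F]
    RewriteRule ^(http|ftp)://.* - [F]
</IfModule>

# Redirect some personal (~user) pages to their own sites.
# RedirectMatch is mod_alias, hence the guard.
# NOTE(review): the bracketed targets need to become absolute URLs.
<IfModule mod_alias.c>
    RedirectMatch permanent (.*)~leslions.com(.*)$ [www.les-lions.com]
    RedirectMatch permanent (.*)~bandedessinee(.*)$ [www.la-bande-dessinee.com]
    RedirectMatch permanent (.*)~luc-duperrier(.*)$ [www.tribune-alternative.net]
    RedirectMatch permanent (.*)~webmrap(.*)$ [www.mrap70-hericourt.net]
</IfModule>

# FILTERS
# These directives tag worm/exploit probe requests and log them separately.
# Each match sets the environment variable `worm` and unsets `log`.
# SetEnvIf/SetEnvIfNoCase come from mod_setenvif (hence the guard); CustomLog
# comes from mod_log_config.
# NOTE(review): unsetting `log` only keeps these hits out of the main access
# log if that log is declared with a matching env= condition, which is not
# visible here. If it is, make sure monitoring also ingests worm.log so probe
# activity is not lost to detection.
<IfModule mod_setenvif.c>
    SetEnvIfNoCase Request_URI "/c/winnt/" worm !log
    SetEnvIfNoCase Request_URI "/d/winnt/" worm !log
    SetEnvIfNoCase Request_URI "/e/winnt/" worm !log
    SetEnvIfNoCase Request_URI "/f/winnt/" worm !log
    SetEnvIfNoCase Request_URI "/_mem_bin/..%255c../" worm !log
    SetEnvIfNoCase Request_URI "/msadc/..%255c../" worm !log
    SetEnvIfNoCase Request_URI "/MSADC/root.exe?" worm !log
    SetEnvIfNoCase Request_URI "null\.ida" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%252f../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%25%35%63../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%255c../winnt/" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%%35%63../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%%35c../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%c0%2f../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%c0%af../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%c1%1c../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/..%c1%9c../" worm !log
    SetEnvIfNoCase Request_URI "/scripts/root.exe?" worm !log
    SetEnvIfNoCase Request_URI "/_vti_bin/..%255c../" worm !log
    SetEnvIfNoCase Request_URI "\/\x90\x02" worm !log
    SetEnvIf Request_URI "Admin\.dll" worm !log
    # The alternations below were mis-encoded ("Â?" in place of the bar) and
    # could not match as intended; restored to '|'.
    SetEnvIf Request_URI "(admin|httpodbc)\.dll(.*)$" worm !log
    SetEnvIf Request_URI "cmd\.exe" worm !log
    SetEnvIf Request_URI "(cmd|root|shell)\.exe(.*)$" worm !log
    SetEnvIf Request_URI "^/default\.(ida|idq)(.*)$" worm !log
    SetEnvIf Request_URI "default\.ida" worm !log
    SetEnvIf Request_URI "nsiislog\.dll(.*)$" worm !log
    # PROPFIND is a request method, not part of the URI, so it is matched on
    # Request_Method; a Request_URI test anchored at ^PROPFIND never fires.
    # Drop this line on hosts that serve WebDAV, where PROPFIND is legitimate.
    SetEnvIf Request_Method "^PROPFIND(.*)$" worm !log
    SetEnvIf Request_URI "root\.exe" worm !log
    SetEnvIf Request_URI "_vti_inf\.html$" worm !log
    # Requests tagged `worm` are written here in combined format.
    CustomLog /var/log/httpd/worm.log combined env=worm
</IfModule>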