On Nov 21, 9:26 pm, Walter McGinnis <walter.mcgin...@gmail.com> wrote:
> Hi,
>
> I was just looking at my logs and noticed a decent amount of 404s as a
> result of requests trying to use php exploits. I don't use PHP on my
> host at all, so I figure it's time to uniformly deny php requests with
> Apache to save my Rails apps having to look up the route.
>
> My searching has mostly brought back how tos on redirecting TO php
> rather than block it.
At a very simple level something like
RewriteRule \.php$ - [F]
Would rewrite any request where the url ended in .php to 403s
Fred
>
> I did find a mention of mod_security which looks promising. I'm
> wondering if it is compatible with Passenger. Any success or horror
> stories for it? Configuration file you would be willing to share?
>
> What else do people recommend?
>
> Cheers,
> Walter
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
No comments:
Post a Comment