Доброго дня Всем. В access.log следующее:
74.119.234.97 - - [16/Feb/2014:19:59:30 +0400] "GET /I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 88640 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:31 +0400] "GET /index.php?page=../../../../../../../../../etc/passwd%00 HTTP/1.0" 200 113239 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:32 +0400] "GET /gwebmail/?module=../../../../etc/passwd%00 HTTP/1.0" 404 88640 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:34 +0400] "GET /?module=../../../../etc/passwd%00 HTTP/1.0" 200 113239 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:35 +0400] "GET /spywall/languageTest.php?&language=../../../../../../../../etc/passwd%00 HTTP/1.0" 301 544 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:36 +0400] "GET /languageTest.php?&language=../../../../../../../../etc/passwd%00 HTTP/1.0" 301 536 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:37 +0400] "GET /spywall/releasenotes.php?relfile=../../../../../etc/passwd%00 HTTP/1.0" 404 88640 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:38 +0400] "GET /releasenotes.php?relfile=../../../../../etc/passwd%00 HTTP/1.0" 404 88640 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:39 +0400] "GET /asaancart%20v-0.9/libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../etc/passwd%00 HTTP/1.0" 301 560 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:40 +0400] "GET /libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../etc/passwd%00 HTTP/1.0" 301 542 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:41 +0400] "GET /smarty_ajax/index.php?_=&f=update_intro&page=../../../../../etc/passwd%00 HTTP/1.0" 301 537 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:42 +0400] "GET /index.php?_=&f=update_intro&page=../../../../../etc/passwd%00 HTTP/1.0" 200 113239 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:43 +0400] "GET /acp/index.php?p=../../../../../../../etc/passwd%00 HTTP/1.0" 301 514 "-" "-"
74.119.234.97 - - [16/Feb/2014:19:59:44 +0400] "GET /index.php?p=../../../../../../../etc/passwd%00 HTTP/1.0" 301 399 "-" "-"
Т.е пытаются получить доступ к etc/passwd. Как заблокировать запросы со строкой "etc/passwd"? Пробовал RedirectMatch, RewriteRule не получается.
Заранее благодарю. Иван.
|