LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   How to config apache 2.0 ignore request with specified file extension? (http://www.linuxquestions.org/questions/linux-server-73/how-to-config-apache-2-0-ignore-request-with-specified-file-extension-570884/)

wanna13e 07-20-2007 03:13 AM

How to config apache 2.0 ignore request with specified file extension?
 
Hi All Gurus,

How do I configure apache to ignore user trying to get file extension like dll, asp and other files from webserver?

Below is a example of the log I get in my error log.

[Fri Jul 20 15:59:34 2007] [error] [client 202.156.13.3] File does not exist: /www/www.yellowpages.com.sg/_vti_bin/owssvr.dll
[Fri Jul 20 15:22:08 2007] [error] [client 219.74.242.72] File does not exist: /www/www.yellowpages.com.sg/MSOffice/cltreq.asp
[Fri Jul 20 15:05:15 2007] [error] [client 199.41.197.24] File does not exist: /www/www.yellowpages.com.sg/_vti_bin/owssvr.dll


:newbie:

Thanks amillion in advance.

bathory 07-21-2007 09:27 AM

You can use the apache "conditional logging" feature. I.e. in your config file use something like:
Code:

SetEnvIf Request_URI "(\.dll|\.asp)$" dontlog
CustomLog logs/access_log common env=!dontlog

I don't think you can use the same trick for ErrorLog though.

Another way to go is to create a script (using sed perhaps) that deletes the lines containing the extensions you don't want to log and use the "piped logging" feature of apache. This can be used either for CustomLog and ErrorLog.
You can read more here.

Regards

wanna13e 07-22-2007 04:43 AM

Thanks alot bathory.
 
Quote:

Originally Posted by bathory
You can use the apache "conditional logging" feature. I.e. in your config file use something like:
Code:

SetEnvIf Request_URI "(\.dll|\.asp)$" dontlog
CustomLog logs/access_log common env=!dontlog

I don't think you can use the same trick for ErrorLog though.

Another way to go is to create a script (using sed perhaps) that deletes the lines containing the extensions you don't want to log and use the "piped logging" feature of apache. This can be used either for CustomLog and ErrorLog.
You can read more here.

Regards


Can I know how can apache skip or don't service this kind of request from public?

bathory 07-22-2007 09:16 AM

Quote:

Can I know how can apache skip or don't service this kind of request from public?
I don't understand what you mean by that. You want apache to deny access to these files from internet and allow it from your LAN? These files are IIS files, so you don't care if someone asks for them since they don't exist in apache.
Anyway if you want to deny access to these file extensions (by IP) you can use the "Files" directive either in .htaccess, or in your .conf file (even inside a <Directory>..</Directory> section):
Code:

<Files ~ "\.(dll|asp)$">
  order allow,deny
  deny from all
  allow from 192.168.0.
</Files>


wanna13e 07-22-2007 08:20 PM

Thanks amillion bathory
 
Quote:

Originally Posted by bathory
I don't understand what you mean by that. You want apache to deny access to these files from internet and allow it from your LAN? These files are IIS files, so you don't care if someone asks for them since they don't exist in apache.
Anyway if you want to deny access to these file extensions (by IP) you can use the "Files" directive either in .htaccess, or in your .conf file (even inside a <Directory>..</Directory> section):
Code:

<Files ~ "\.(dll|asp)$">
  order allow,deny
  deny from all
  allow from 192.168.0.
</Files>



Sorry for my language here. You did answer my question here. Thanks amillion.


All times are GMT -5. The time now is 10:55 PM.