CODEWITHSUNDEEP
apachehttpd.conf
memrat
memrat

Reputation: 167

Where exactly to use this code in httpd.conf?

I have a list which I saved from a previous install which I have marked as 'stop automated tools' which looks like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Accept} ^$ [OR]
RewriteCond %{HTTP:Accept-Language} ^$ [OR]
RewriteCond %{HTTP:Accept-Encoding} ^$ [OR]
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteCond %{REQUEST_METHOD} ^(POST)
RewriteRule .* - [R=400]
</IfModule>

Can somebody refresh my memory as to where I should be using this file and also, if possible, what the rules do?

Thank you.

Upvotes: 1

Views: 159

Answers (1)

AbsoluteƵER&#216;
AbsoluteƵER&#216;

Reputation: 7880

That's a mod_rewrite declaration and it goes either in a directory directive in the httpd.conf configuration file or you can put it in a .htaccess file at the website itself if you want to change it without using SSH to get into the box.

<Directory /website/root>

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP:Accept} ^$ [OR]
    RewriteCond %{HTTP:Accept-Language} ^$ [OR]
    RewriteCond %{HTTP:Accept-Encoding} ^$ [OR]
    RewriteCond %{HTTP_REFERER} ^$ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteCond %{REQUEST_METHOD} ^(POST)
    RewriteRule .* - [R=400]
    </IfModule> 

</Directory>

Update Per your question about what the rules do, you're looking for empty (eg ^$) HTTP headers and connection requests. If any of the variables you're checking are empty then the system fails the request with an error code 400 (Bad Request).

The code would go into the directory directives for the various websites where applicable in your configuration file, whether it be a vhost include or the regular httpd.conf file.

Upvotes: 1

Related Questions