RADA

Reputation: 464

Fastest way to 403 in Zend framework

What is the best way to reject a request coming from malicious scripts? I have a Zend application with modules. I have a list of URLs that the scanners are dialing, such as mywebsite.com/phpmyadmin, /webmail, /cpanel, etc. Right now, they are getting 404s, clogging up my error log. I'd like to 403 them from within the application. (Unless there is a better way to handle that?)

What is the fastest way to 403 within Zend, so it doesn't churn through the dispatch cycle unnecessarily? I am doing the below in a plugin, but I am not sure this is the best way:

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if (malicious request) {
        $this->getResponse()
            ->clearHeaders()
            ->setHttpResponseCode(403)
            ->appendBody("Forbidden")
            ->sendResponse();
    }
}

Thanks for any suggestions!

Upvotes: 4

Views: 4505

Answers (2)

dt1021

Reputation: 39

If you know what the bad request URIs look like, you could send them directly to some custom static error page using mod_rewrite rules. Enter the rules before your rule that sends the request to index.php, and those requests would never hit your application.

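RewriteEngine On
# RewriteRule matches the URL path only; the host name is not part of it
RewriteRule ^/?phpmyadmin /errorpage.php [L]
# Everything else that is not a static asset goes to the front controller
RewriteRule !(phpdoc|docs)|\.(js|ico|gif|jpg|png|css|html)$ /index.php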

Upvotes: 0
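
A variant of the rules above that returns the 403 the question asks for directly from Apache, so PHP and the Zend dispatch cycle are never started for these paths. This is an added example, not part of the original answer; it assumes mod_rewrite is enabled and that the rules live in the same place as the existing front-controller rule.

```apache
RewriteEngine On

# Scanner paths named in the question; extend the alternation as needed.
# ^/?    lets the pattern work in a vhost (path starts with "/") and in .htaccess (no leading slash).
# (/|$)  stops at a path-segment boundary, so /phpmyadmin-notes is not caught.
# "-"    means no substitution; [F] returns 403 Forbidden and stops rule processing; [NC] ignores case.
RewriteRule ^/?(phpmyadmin|webmail|cpanel)(/|$) - [F,NC]

# Front-controller rule from the answer, unchanged. It must come after the deny rule.
RewriteRule !(phpdoc|docs)|\.(js|ico|gif|jpg|png|css|html)$ /index.php
```

With this in place, a request for /phpmyadmin/index.php is answered with 403 by the web server, while a legitimate application route still reaches index.php.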

Bob Baddeley

Reputation: 2262

Check out the Zend Controller Action Helper called Redirector: http://framework.zend.com/manual/en/zend.controller.actionhelpers.html. It'll do the same thing as your plugin, but that doesn't necessarily make it any faster.

Upvotes: 1
