On Wed, 19 Sep 2001, Bruce Albrecht wrote:
> I was looking at your Apache::MSIISProbes module, and I didn't
> understand the part about the nimda rewrite rules, mostly because I
> haven't used the rewrite rules. Do the following rules
>
> RewriteCond %{REQUEST_URI} !nimda
> RewriteCond %{QUERY_STRING} /c.dir
> RewriteRule .* /nimda? [R,L]
>
> mean unless I've already rewritten the rule, if the query string matches
> c.dir (i.e., will match c+dir found in most of the requests), rewrite
> the request as /nimda?
right.
> From my observation, nimbda also tries c+tftp
> and tries to get /scripts/Admin.dll, /c/Admin.dll, /d/Admin.dll and
> /MSADC/Admin.dll. Could I change the rewrite rules to
>
> RewriteCond %{REQUEST_URI} !nimda
> RewriteCond %{QUERY_STRING} /c.(tftp|dir)
> RewriteRule .* /nimda? [R,L]
>
> to catch either request, and then do
> RewriteCond %{REQUEST_URI} /(scripts|MSADC|c|d)/Admin.dll
> RewriteRule .* /nimda? [R,L]
> to catch the others?
>
Well, the rules you put forward seem fine, but I'm not sure you'll catch
everything ...
BTW the '?' on the end is to remove the query string ... if you leave it
off mod_rewrite puts the original one back.
- nick
