RE: [mod-security-users] How do I block mail attempts?
From: Eli <eli...@ex...> - 2005-01-30 21:44:55
Mark wrote:
> How do I block mail attempts, like below?
>
> "POST http://67.234.73.188:25/ HTTP/1.1"
>
> Would this do it?
>
> SecFilter "\:25\/"

Why is your webserver listening on port 25? If it isn't, you can't prevent people posting to port 25 using mod_security - you need to block it with your mta software. Besides, POSTing data to port 25 will never work right - it isn't SMTP protocol aware and will fail.

> Also, speaking of SecFilter, I have this:
>
> SecFilter "(\.com|\.exe|\.cmd|\.bat)"
>
> Can I add $ at the end of SecFilter? Like so:
>
> SecFilter "(\.com|\.exe|\.cmd|\.bat)$"
>
> I only want to match on patterns ending in this!

The $ in a regex is *end of line*, not end of a word boundary. If the last part of the ENTIRE line you want to filter is .exe or whatever, then yes a $ at the end will work. In this case though, not so good. I suggest using the other SecFilter thing (sorry, can't remember the directive) that allows you to filter on certain CGI variables. Filter it on whatever one you need - file uploads or uri.

Eli.
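The anchoring behaviour discussed in the reply above, as an added example that is not part of the original post or of mod_security: Python's `re` stands in for the filter's regex engine, the request lines are constructed samples, and it is an assumption that the unscoped filter is matched against the whole request line. It compares the unanchored pattern, the `$`-anchored pattern on the full line, and the `$`-anchored pattern applied only to the request path.

```python
import re
from urllib.parse import urlsplit

# Extension pattern taken from the thread, with and without the trailing $.
EXT = r"(\.com|\.exe|\.cmd|\.bat)"
UNANCHORED = re.compile(EXT)
ANCHORED = re.compile(EXT + r"$")

# Constructed sample request lines (not taken from real logs).
SAMPLES = [
    "GET /downloads/setup.exe HTTP/1.1",
    "GET /downloads/setup.exe?mirror=2 HTTP/1.1",
    "GET /redirect?to=www.example.com/index.html HTTP/1.1",
    "GET /docs/index.html HTTP/1.1",
]


def request_path(request_line):
    """Return only the path component of the request target."""
    _method, target, _version = request_line.split(" ", 2)
    return urlsplit(target).path


def evaluate(request_line):
    """Return (unanchored on line, anchored on line, anchored on path)."""
    return (
        # Matches anywhere, so ".com" inside a query value also triggers it.
        bool(UNANCHORED.search(request_line)),
        # The line ends in "HTTP/1.1", so the anchored form never matches it.
        bool(ANCHORED.search(request_line)),
        # Scoped to the path, "$" means "the requested file ends in .exe etc."
        bool(ANCHORED.search(request_path(request_line))),
    )


if __name__ == "__main__":
    print("unanchored  anchored-line  anchored-path  request")
    for line in SAMPLES:
        a, b, c = evaluate(line)
        print(f"{a!s:<11} {b!s:<14} {c!s:<14} {line}")
```

Only the path-scoped check separates the two `.exe` downloads from the harmless redirect whose query string merely contains `.com`.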