HEAD & POST in my .htaccess
edited by einsiedler
Well, there are some jerks out there who have it in for me:
Here are a few logs:
"POST"
~~~ HTML
2021-02-27 07:23:13 Error 52.188.55.90 404 GET /.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.21 K Apache-Zugriff
2021-02-27 07:23:14 Error 52.188.55.90 403 POST / HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 5.21 K Apache-Zugriff
~~~
~~~ HTML
2021-02-28 15:58:17 Error 188.34.158.15 403 GET / HTTP/1.0 page-preview-tool Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 5.21 K Apache-Zugriff
2021-02-28 15:58:17 Error 188.34.158.15 AH01797: client denied by server configuration: /var/www/vhosts/xxx.de/httpdocs_xxx/ Apache-Fehler
2021-02-28 16:07:00 Error 139.162.52.129 403 GET /.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.20 K Apache-Zugriff
2021-02-28 16:07:00 Error 139.162.52.129 AH01797: client denied by server configuration: /var/www/vhosts/xxx.de/httpdocs_xxx/.env Apache-Fehler
2021-02-28 16:07:01 Error 139.162.52.129 403 GET /vendor/.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.20 K Apache-Zugriff
2021-02-28 16:07:01 Error 139.162.52.129 AH01797: client denied by server configuration: /var/www/vhosts/xxx.de/httpdocs_xxx/vendor/.env Apache-Fehler
2021-02-28 16:07:02 Error 139.162.52.129 403 GET /storage/.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.20 K Apache-Zugriff
2021-02-28 16:07:02 Error 139.162.52.129 AH01797: client denied by server configuration: /var/www/vhosts/xxx.de/httpdocs_xxx/storage Apache-Fehler
2021-02-28 16:07:03 Error 139.162.52.129 403 GET /public/.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.20 K Apache-Zugriff
2021-02-28 16:07:03 Error 139.162.52.129 AH01797: client denied by server configuration: /var/www/vhosts/xxx.de/httpdocs_xxx/public Apache-Fehler
2021-02-28 16:07:04 Error 139.162.52.129 403 POST / HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 5.21 K Apache-Zugriff
2021-02-28 16:07:04 Error 139.162.52.129 AH01797: client denied by server configuration: /var/www/vhosts/xxx.de/httpdocs_xxx/ Apache-Fehler
2021-02-28 17:11:13 Access 54.202.113.170 302 GET / HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 1.23 K Apache-Zugriff
2021-02-28 18:40:06 Error 139.162.182.111 404 GET /checkout HTTP/1.0 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 1.21 K Apache-Zugriff
~~~
~~~ HTML
2021-02-27 00:12:01 Error 139.162.52.129 404 GET /.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.21 K Apache-Zugriff
2021-02-27 00:12:02 Error 139.162.52.129 404 GET /vendor/.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.21 K Apache-Zugriff
2021-02-27 00:12:03 Error 139.162.52.129 404 GET /storage/.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.21 K Apache-Zugriff
2021-02-27 00:12:04 Error 139.162.52.129 404 GET /public/.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.21 K Apache-Zugriff
2021-02-27 00:12:05 Error 139.162.52.129 403 POST / HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 5.21 K Apache-Zugriff
~~~
~~~ HTML
2021-02-27 05:50:50 Error 52.188.55.90 404 GET /.env HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 1.21 K Apache-Zugriff
2021-02-27 05:50:50 Error 52.188.55.90 403 POST / HTTP/1.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 5.21 K Apache-Zugriff
2021-02-27 07:29:04 Error 5.188.62.76 403 GET / HTTP/1.0 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36 5.21 K Apache-Zugriff
2021-02-27 07:29:04 Error 5.188.62.76 AH01797: client denied by server configuration: /var/www/vhosts/xxx.de/xxx.de/ Apache-Fehler
~~~
"HEAD"
~~~ HTML
2021-02-27 00:40:58 Access 138.246.253.24 301 HEAD / HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36 0 SSL/TLS-Zugriff für Apache
2021-02-27 00:45:35 Access 35.230.69.215 301 HEAD / HTTP/2.0 https://t.co/pUAeOb5lBy Unbekannt 0 SSL/TLS-Zugriff für Apache
2021-02-27 00:45:36 Error 35.230.69.215 400 HEAD / HTTP/1.0 https://www.xxx.de/ Unbekannt 137 Apache-Zugriff
~~~
and so on and so forth...
I get something like this every day.
So far, on the two sites where I have a login, I use this:
~~~ HTML
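# whitelist POST requests
<IfModule mod_rewrite.c>
# rewrite rules are ignored unless the engine is switched on
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
# dots escaped and patterns anchored at the end so only these scripts match
RewriteCond %{REQUEST_URI} !/login\.php$ [NC]
RewriteCond %{REQUEST_URI} !/register\.php$ [NC]
RewriteCond %{REQUEST_URI} !/forgotten\.php$ [NC]
RewriteCond %{REQUEST_URI} !/verify\.php$ [NC]
RewriteCond %{REQUEST_URI} !/reset\.php$ [NC]
# exempt requests coming from the server itself
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# every other POST is answered with 403 Forbidden
RewriteRule .* - [F,L]
</IfModule>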
~~~
This is so that "Register" and "Login" still work at all, and so that I don't get that kind of "wild POST" that makes no sense.
So what would I need to do now?
Regards from the hermit
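
As an added example (not part of the original post): a short Python triage for log lines in the format shown above. It counts, per client IP, dotfile probes and POSTs outside the post's whitelist, and separately counts any such request that was answered with a 2xx status. The sample lines and their documentation-range IPs are constructed, and the column layout is assumed from the logs in the post.

```python
import re

# Access-line layout assumed from the logs in the post:
# date time Access|Error client-ip status METHOD path HTTP/x.y ...
ACCESS_RE = re.compile(
    r"^\S+ \S+ (?:Access|Error) (?P<ip>\S+) (?P<status>\d{3}) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d\.\d"
)
# POST targets allowed by the whitelist in the post's .htaccess
ALLOWED_POST = ("/login.php", "/register.php", "/forgotten.php",
                "/verify.php", "/reset.php")

# Constructed sample lines (documentation-range IPs, not taken from the post)
SAMPLE = [
    "2021-02-27 00:12:01 Error 203.0.113.7 404 GET /.env HTTP/1.0 Mozilla/5.0 1.21 K Apache-Zugriff",
    "2021-02-27 00:12:02 Error 203.0.113.7 403 GET /vendor/.env HTTP/1.0 Mozilla/5.0 1.20 K Apache-Zugriff",
    "2021-02-27 00:12:02 Error 203.0.113.7 AH01797: client denied by server configuration: /var/www/example/vendor/.env Apache-Fehler",
    "2021-02-27 00:12:05 Error 203.0.113.7 403 POST / HTTP/1.0 Mozilla/5.0 5.21 K Apache-Zugriff",
    "2021-02-27 09:00:00 Access 198.51.100.20 200 POST /login.php HTTP/1.1 Mozilla/5.0 2.10 K Apache-Zugriff",
    "2021-02-27 09:30:00 Access 192.0.2.9 200 GET /backup/.env HTTP/1.1 curl/7.68.0 0.40 K Apache-Zugriff",
]


def summarize(lines):
    """Per client IP: number of probes, and how many of them got a 2xx answer."""
    result = {}
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:  # Apache error lines (AH01797 ...) carry no status/method
            continue
        path = m["path"].split("?")[0].lower()
        # any path segment starting with "." except the legitimate .well-known
        dotfile = any(seg.startswith(".") and seg != ".well-known"
                      for seg in path.split("/"))
        bad_post = m["method"] == "POST" and not path.endswith(ALLOWED_POST)
        if not (dotfile or bad_post):
            continue
        entry = result.setdefault(m["ip"], {"probes": 0, "exposed": 0})
        entry["probes"] += 1
        # 403/404 means the probe was refused; a 2xx needs investigation
        if m["status"].startswith("2"):
            entry["exposed"] += 1
    return result


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s)
```

An IP with probes but `exposed` at 0 was only refused; any non-zero `exposed` count means a probed file or an off-whitelist POST was actually served and should be checked first.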