On Wed, 3 Oct 2001, Martijn Pieters wrote:
> On Tue, Oct 02, 2001 at 09:21:22PM -0700, Jack Coates wrote:
> > I've put an object in Zope named default.ida and containing:
> >
> > <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
> >
> > which seems to have stopped Code Red from being a problem. My next
> > question is, how do I block Nimda? I need a wildcard or regexp document
> > which will intercept any URL including "cmd.exe" or "root.exe". Any ideas?
>
> You could try the Redirector product:
>
> http://www.zope.org/Members/djay/Redirector1_1
>
> or you could create an Access Rule that sniffs the request before traverse.

I ended up using the Redirector, which works fairly well. Two issues do remain:

It can't do underscores in the first space of a name, so there's no blocking of _vti_bin or _mem_bin.

It continues to log all the activity, only with 401 instead of 404.

Thanks for the tip!

--
Jack Coates
Monkeynoodle: A Scientific Venture...
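
The matching logic that a pre-traversal check such as the suggested Access Rule would need, as an added example that is not part of the original thread and is not Zope or Redirector code. The function names, the marker list and the sample requests are assumptions constructed for illustration; because it works on the raw request string, names beginning with an underscore are matched like any other.

```python
from urllib.parse import unquote

# Path segments named in the thread as worm probe indicators.
PROBE_MARKERS = ("cmd.exe", "root.exe", "default.ida", "_vti_bin", "_mem_bin")

# Probe requests are often double-encoded (%255c -> %5c -> \), so decode
# more than once, but with a bound so crafted input cannot loop forever.
MAX_DECODE_ROUNDS = 3


def normalise(raw_url):
    """Percent-decode repeatedly, unify path separators, lower-case."""
    text = raw_url
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(text)  # undecodable bytes become U+FFFD
        if decoded == text:
            break
        text = decoded
    return text.replace("\\", "/").lower()


def is_worm_probe(raw_url):
    """Return the marker that matched a whole path segment, else None.

    Only the path is inspected, and only whole segments are compared, so
    /docs/cmd.exe.html or ?q=cmd.exe are not flagged.
    """
    path = normalise(raw_url).split("?", 1)[0]
    segments = [s for s in path.split("/") if s]
    for marker in PROBE_MARKERS:
        if marker in segments:
            return marker
    return None


if __name__ == "__main__":
    # Constructed sample request lines, not taken from a real log.
    samples = [
        "/scripts/..%255c../winnt/system32/cmd.exe?/c+dir",
        "/MSADC/Root.EXE?/c+dir",
        "/_vti_bin/..%255c../x",
        "/default.ida?NNNN%u9090",
        "/docs/cmd.exe.html",
    ]
    for url in samples:
        print(url, "->", is_worm_probe(url) or "allow")
```
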