[Zope] de-worming
Jack Coates
jack@monkeynoodle.org
Wed, 3 Oct 2001 21:43:02 -0700 (PDT)
On Wed, 3 Oct 2001, Martijn Pieters wrote:
> On Tue, Oct 02, 2001 at 09:21:22PM -0700, Jack Coates wrote:
> >
> > I've put an object in Zope named default.ida and containing:
> >
> > <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
> >
> > which seems to have stopped Code Red from being a problem. My next
> > question is, how do I block Nimda? I need a wildcard or regexp document
> > which will intercept any URL including "cmd.exe" or "root.exe". Any
> > ideas?
>
> You could try the Redirector product:
>
> http://www.zope.org/Members/djay/Redirector1_1
>
> or you could create an Access Rule that sniffs the request before traverse.
>
I ended up using the Redirector, which works fairly well. Two issues do
remain:
It can't do underscores in the first space of a name, so there's no
blocking of _vti_bin or _mem_bin.
It continues to log all the activity, only with 401 instead of 404.
Thanks for the tip!
--
Jack Coates
Monkeynoodle: A Scientific Venture...