Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

w2ksp4.exe, WwwxxXdbf, procmail "FROM_MAILER" patch, Use of assignment to $[ is deprecated at /usr/local/sbin/apxs line 86. , wwwxxx vim, mysql closing table and opening table, 800c5000, setgid operation not permitted, pciehp: acpi_pciehprm on IBM, WWWXXX.DBF

Links

XODOX
Impressum

#1: POST request interception

Posted on 2008-04-11 20:12:38 by patpro

Hello,

I've setup an antispam for my blog, so that presumed spammers can only
GET/HEAD, but POST is denied.
I'm serving a special 403 as a result of a denied POST request, and I
would like to retrieve and log the content of this POST. Unfortunately,
my 403.php file won't see any content in $_POST.

So if I understand correctly, the POST request is not forwarded to the
final document:

spammer request : POST some data to /some/page.php
apache : denies POST and serves 403.php

Is there any way to intercept POST request content when POST is denied ?

thanks,

patpro

--
A vendre : KVM IP 16 ports APC
http://patpro.net/blog/index.php/2008/01/12/133

Report this message

#2: Re: POST request interception

Posted on 2008-04-12 12:56:02 by unknown

Post removed (X-No-Archive: yes)

Report this message

#3: Re: POST request interception

Posted on 2008-04-12 14:22:32 by patpro

In article <slrng015b1.3hh.davideyeahsure@fogg.onlyforfun.net>,
Davide Bianchi <davideyeahsure@onlyforfun.net> wrote:

> On 2008-04-11, patpro ~ patrick proniewski <patpro@boleskine.patpro.net>
> wrote:
> > spammer request : POST some data to /some/page.php
> > apache : denies POST and serves 403.php
>
> I think that Apache doesn't deny anything, and the deny/allow process is
> done in your /some/page.php, so do the interception and loggin there.

Currently, I'm using :

ErrorDocument 403 /403_post.php
<LimitExcept GET>
Deny from env=GoAway
</LimitExcept>

so Apache does deny POST requests from supposed spammers. I don't really
want to change this apache configuration based antispam by a full php
interception on every POST on the server.

patpro

--
A vendre : KVM IP 16 ports APC
http://patpro.net/blog/index.php/2008/01/12/133

Report this message

#4: Re: POST request interception

Posted on 2008-04-14 13:55:19 by patpro

In article <patpro-CF417F.14223212042008@news-1.proxad.net>,
patpro ~ patrick proniewski <patpro@boleskine.patpro.net> wrote:

> In article <slrng015b1.3hh.davideyeahsure@fogg.onlyforfun.net>,
> Davide Bianchi <davideyeahsure@onlyforfun.net> wrote:
>
> > On 2008-04-11, patpro ~ patrick proniewski <patpro@boleskine.patpro.net>
> > wrote:
> > > spammer request : POST some data to /some/page.php
> > > apache : denies POST and serves 403.php
> >
> > I think that Apache doesn't deny anything, and the deny/allow process is
> > done in your /some/page.php, so do the interception and loggin there.
>
> Currently, I'm using :
>
> ErrorDocument 403 /403_post.php
> <LimitExcept GET>
> Deny from env=GoAway
> </LimitExcept>
>
> so Apache does deny POST requests from supposed spammers. I don't really
> want to change this apache configuration based antispam by a full php
> interception on every POST on the server.


I've changed the vhost config, so that I don't use LimitExcept, and do
no longuer reply with a 403 error code.
Now I use this :

RewriteEngine ON
RewriteCond %{ENV:GoAway} 1
RewriteCond %{REQUEST_METHOD} POST
RewriteRule (.*) /403_post.php

It's not good because it gives a code 200 instead of a code 403, but
it's good because it allows me to record the POST request.

patpro

--
A vendre ! http://www.patpro.net/blog/index.php/2008/01/12/133

Report this message

#5: Re: POST request interception

Posted on 2008-04-14 18:03:29 by phantom

"patpro ~ Patrick Proniewski" <patpro@boleskine.patpro.net> wrote in message
news:patpro-EA0A87.13551914042008@localhost...
> In article <patpro-CF417F.14223212042008@news-1.proxad.net>,
> patpro ~ patrick proniewski <patpro@boleskine.patpro.net> wrote:
>
>> In article <slrng015b1.3hh.davideyeahsure@fogg.onlyforfun.net>,
>> Davide Bianchi <davideyeahsure@onlyforfun.net> wrote:
>>
>> > On 2008-04-11, patpro ~ patrick proniewski
>> > <patpro@boleskine.patpro.net>
>> > wrote:
>> > > spammer request : POST some data to /some/page.php
>> > > apache : denies POST and serves 403.php
>> >
>> > I think that Apache doesn't deny anything, and the deny/allow process
>> > is
>> > done in your /some/page.php, so do the interception and loggin there.
>>
>> Currently, I'm using :
>>
>> ErrorDocument 403 /403_post.php
>> <LimitExcept GET>
>> Deny from env=GoAway
>> </LimitExcept>
>>
>> so Apache does deny POST requests from supposed spammers. I don't really
>> want to change this apache configuration based antispam by a full php
>> interception on every POST on the server.
>
>
> I've changed the vhost config, so that I don't use LimitExcept, and do
> no longuer reply with a 403 error code.
> Now I use this :
>
> RewriteEngine ON
> RewriteCond %{ENV:GoAway} 1
> RewriteCond %{REQUEST_METHOD} POST
> RewriteRule (.*) /403_post.php
>
> It's not good because it gives a code 200 instead of a code 403, but
> it's good because it allows me to record the POST request.
>

Your php script can send the 403 header:
header('HTTP/1.1 403 Forbidden');

Report this message

#6: Re: POST request interception

Posted on 2008-04-14 18:45:40 by patpro

In article <lfLMj.7958$yD2.3068@text.news.virginmedia.com>,
"phantom" <nobody@blueyonder.invalid> wrote:

> > I've changed the vhost config, so that I don't use LimitExcept, and do
> > no longuer reply with a 403 error code.
> > Now I use this :
> >
> > RewriteEngine ON
> > RewriteCond %{ENV:GoAway} 1
> > RewriteCond %{REQUEST_METHOD} POST
> > RewriteRule (.*) /403_post.php
> >
> > It's not good because it gives a code 200 instead of a code 403, but
> > it's good because it allows me to record the POST request.
> >
>
> Your php script can send the 403 header:
> header('HTTP/1.1 403 Forbidden');

yep, I will try this, thanks.

BTW, I've tried:

RewriteRule (.*) /403_post.php [F]

but it wont work.

patpro

--
A vendre : KVM IP 16 ports APC
http://patpro.net/blog/index.php/2008/01/12/133

Report this message

#7: Re: POST request interception

Posted on 2008-04-14 22:31:47 by patpro

In article <lfLMj.7958$yD2.3068@text.news.virginmedia.com>,
"phantom" <nobody@blueyonder.invalid> wrote:

> Your php script can send the 403 header:
> header('HTTP/1.1 403 Forbidden');

Well, I've tried this, but unfortunately, it won't make Apache log a
403. The client gets the 403, but Apache logs a 200.

patpro

--
A vendre : KVM IP 16 ports APC
http://patpro.net/blog/index.php/2008/01/12/133

Report this message