Hey everyone, just checking in to see if anyone else has had similar experiences with bots attempting to GET the usual 'azenv.php' and 'prx1.php' files in order to use them as proxies. I use mod_security in Apache to block these requests and also disable proxies in httpd.conf, but I'm not entirely sure how to go about doing this in M/Monit.
My M/Monit site has its web UI open to the internet since we have a fairly mobile set of people accessing it from multiple networks (cafes, wifi, home, etc.), so it's not entirely realistic to filter by IP at iptables. I looked at the server.xml and web.xml files to see if there was some directive I could use to disable GET/POST attempts to specific files (or even to only permit these to relevant files and block anything else) but I couldn't find anything there.
I know that the GET requests aren't going through because the files don't exist, but it would be great to completely lock these out so that the server doesn't have to process them at all. I had considered running M/Monit on a very non-standard port (it's on 8080 right now) but that's really just obfuscation that can be circumvented by smart bots. Would be nice to have a means of completely blocking illegitimate requests.
Here is a sample GET which I'm sure some people have seen before:
126.96.36.199 - - [20/Jan/2009:20:54:25 +0000] "GET /azenv.php HTTP/1.1" 404 1130 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
188.8.131.52 - - [21/Jan/2009:01:43:56 +0000] "GET /azenv.php HTTP/1.1" 404 1130 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
184.108.40.206 - - [21/Jan/2009:08:31:33 +0000] "GET /azenv.php HTTP/1.1" 404 1130 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Not surprisingly, the IP is part of APNIC (Asia Pacific Network Information Centre) and is likely a robot looking for proxies on the internet.
Any help greatly appreciated.
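
One way to pull the probing sources out of an access log like the sample above, as an added example that is not part of the original post: it counts requests for the two file names the post mentions, per source IP. The function and variable names are hypothetical, and the last two sample lines (with their addresses and host name) are constructed.

```python
import re
from collections import Counter

# File names the post identifies as proxy-judge probes.
PROBE_PATHS = {"/azenv.php", "/prx1.php"}

# Combined Log Format, matching the sample lines in the post.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def probe_hits(lines):
    """Return a Counter mapping source IP -> number of probe requests."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        # Ignore any query string and compare case-insensitively.
        path = m.group("target").split("?", 1)[0].lower()
        # Proxy-style requests use an absolute URI (scheme://host/path);
        # reduce it to the path component before comparing.
        if "://" in path:
            path = "/" + path.split("://", 1)[1].partition("/")[2]
        if path in PROBE_PATHS:
            hits[m.group("ip")] += 1
    return hits

UA = '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"'
SAMPLE = [
    # First three lines are the ones quoted in the post.
    '126.96.36.199 - - [20/Jan/2009:20:54:25 +0000] "GET /azenv.php HTTP/1.1" 404 1130 "-" ' + UA,
    '188.8.131.52 - - [21/Jan/2009:01:43:56 +0000] "GET /azenv.php HTTP/1.1" 404 1130 "-" ' + UA,
    '184.108.40.206 - - [21/Jan/2009:08:31:33 +0000] "GET /azenv.php HTTP/1.1" 404 1130 "-" ' + UA,
    # Constructed: an ordinary request that must not be flagged.
    '192.0.2.10 - - [21/Jan/2009:09:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
    # Constructed: absolute-URI form with a query string.
    '192.0.2.77 - - [21/Jan/2009:09:05:00 +0000] "GET http://example.test/prx1.php?x=1 HTTP/1.1" 404 1130 "-" "-"',
]

if __name__ == "__main__":
    for ip, count in probe_hits(SAMPLE).most_common():
        print(f"{ip}\t{count}")
```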