WebFaction

Hi, recently my Django website experienced a pretty massive "attack" from someone using Acunetix software, causing tons of error emails that completely blocked my webmail (6000+ in less than an hour). So I contacted them to find out how to stop these requests, and they suggested that I block requests coming from Acunetix, because they have some specific headers:

HTTP_ACUNETIX_PRODUCT = 'WVS/10.0 (Acunetix Web Vulnerability Scanner - Free Edition)'

HTTP_ACUNETIX_SCANNING_AGREEMENT = 'Third Party Scanning PROHIBITED'

HTTP_ACUNETIX_USER_AGREEMENT = 'http://www.acunetix.com/wvs/disc.htm'

Having access to the httpd.conf of my plan's Apache, is there an easy way to block all the requests having these headers? I already thought about blocking the IP, but these attacks keep repeating every month with different IPs.

Thank you in advance!

asked 03 Aug, 21:24

Hecsa
111
accept rate: 0%


Sure, you can use mod_rewrite to check for those headers and block requests that contain them.

mod_rewrite is documented here: Apache mod_rewrite

I think something like this should work:

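RewriteEngine on
# Arbitrary request headers are read with %{HTTP:Header-Name}; Django's
# HTTP_ACUNETIX_PRODUCT key corresponds to the Acunetix-Product header.
RewriteCond %{HTTP:Acunetix-Product} ^.+ [NC,OR]
RewriteCond %{HTTP:Acunetix-Scanning-Agreement} ^.+ [NC,OR]
RewriteCond %{HTTP:Acunetix-User-Agreement} ^.+ [NC]
# Any one of the headers being present returns 403 Forbidden.
RewriteRule ^ - [F,L]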
answered 04 Aug, 00:02

seanf ♦♦
11.7k21333
accept rate: 37%
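
The same header check applied at the WSGI layer, so a matching request is refused before Django handles it and no error email is generated. This is an added example, not part of the original answer; BlockScannerHeaders, demo_app and status_for are hypothetical names, and the requests are constructed.

```python
from wsgiref.util import setup_testing_defaults

# WSGI environ keys exactly as they appear in the question.
SCANNER_HEADER_KEYS = (
    "HTTP_ACUNETIX_PRODUCT",
    "HTTP_ACUNETIX_SCANNING_AGREEMENT",
    "HTTP_ACUNETIX_USER_AGREEMENT",
)


class BlockScannerHeaders:
    """Return 403 before the wrapped app runs if any scanner header is set."""

    def __init__(self, app, header_keys=SCANNER_HEADER_KEYS):
        self.app = app
        self.header_keys = tuple(header_keys)

    def __call__(self, environ, start_response):
        # Mirrors the "^.+" test: header present with a non-empty value.
        if any(environ.get(key) for key in self.header_keys):
            body = b"Forbidden\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Hypothetical stand-in for the Django WSGI application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(extra_environ):
    """Send one constructed request through the middleware; return its status."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(extra_environ)
    seen = []
    wrapped = BlockScannerHeaders(demo_app)
    b"".join(wrapped(environ, lambda status, headers: seen.append(status)))
    return seen[0]


if __name__ == "__main__":
    print(status_for({}), "/", status_for({"HTTP_ACUNETIX_PRODUCT": "WVS/10.0"}))
```

In a Django project the wrapper would go around the object returned by get_wsgi_application() in wsgi.py. Like the Apache rule, it only matches clients that actually send these headers.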

question asked: 03 Aug, 21:24

question was seen: 152 times

last updated: 04 Aug, 00:02