3

On this question I found this particular part of code in an Apache configuration file:

# rewrite rule to prevent proxy exploit RewriteCond %{REQUEST_URI} !^$ RewriteCond %{REQUEST_URI} !^/ RewriteRule .* - [R=400,L]

What is a proxy exploit?

How does it work and how does exactly these lines prevent the attack?

Improve this question

1 Answer 1

Reset to default
1

A reverse proxy exploit is this ability to take advantage of a vulnerability in a service acting as an intermediary redirector for client request to one or more backend servers/services.

Apache HTTPd can act as such gateway using its multi-protocol proxy/gateway features eg. mod_proxy & related modules.

Code presented use Apache mod_rewrite directives (RewriteCond here) is supposely aimed at mitigating an Apache Vulnerability related to how rewrite module process values received within incoming request URI.

1 ) First rewrite condition

RewriteCond %{REQUEST_URI} !^$
  • REQUEST_URI variable is the path component of the requested URI (without query string)
  • ! : "not" (eg. not matching)
  • ^ : "beginning of REQUEST_URI
  • $ : "end of of REQUEST_URI value"

2 ) Second rewrite condition

RewriteCond %{REQUEST_URI} !^/
  • REQUEST_URI variable is the path component of the requested URI (without query string)
  • ! : "not"
  • ^ : "beginning of REQUEST_URI value"
  • / : "/" (literally), eg."slash separator"

3 ) Rewrite rule

 RewriteRule .* - [R=400,L]
  • . : "any single character"
  • * : "Zero or more of previous character"
  • - : "No modification to incoming URL
  • R=400 : Redirect with HTTP status code 400 ("Bad Request")
  • L : "Last" rule, stop processing
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.