relayd block bad request

CiotBSD · #1 **(View Single Post)** 6th May 2020

Hi, all

With relayd, how can I block this request :

Code:

/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>

or:

Code:

/?XDEBUG_SESSION_START=phpstorm

jggimi · #2 **(View Single Post)** 6th May 2020

I haven't used relayd in about 8 years, but something like:

Code:

block url "/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>" label "URL blocked"
block url "/?XDEBUG_SESSION_START=phpstorm" label "URL blocked"

might possibly work. Have you been through the FILTER RULES section of the relayd.conf(5) man page?

CiotBSD · #3 **(View Single Post)** 6th May 2020

NO, this pass.
I attempt too, with block query or block path without any success!

Even, as:

Code:

block query "XDEBUG_SESSION_START" value "phpstorm" label "blocked"
block request query "*" value "*" label "blocked"

etc.

Why I attempt?
Because, I delivery only static; and to try if possible.

CiotBSD · #4 **(View Single Post)** 14th May 2020

OK, tonight, I found how to do:

Code:

block quick query "a" value "fetch"         label '<em>Blocked!</em>'
block quick query "XDEBUG_SESSION_START"    label '<em>Blocked!</em>'

So, simply!

----

How can I block all methods other than GET, HEAD?!
Do I specify block method for all of them?

bsdun · #5 **(View Single Post)** 15th May 2020

Something like this:

Code:

http protocol getonly {
return error
pass quick method GET
block label "Forbidden Method"
}

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode