[Zope] de-worming

Jack Coates jack@monkeynoodle.org
Wed, 3 Oct 2001 21:43:02 -0700 (PDT)


On Wed, 3 Oct 2001, Martijn Pieters wrote:

> On Tue, Oct 02, 2001 at 09:21:22PM -0700, Jack Coates wrote:
> >
> > I've put an object in Zope named default.ida and containing:
> >
> > <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
> >
> > which seems to have stopped Code Red from being a problem. My next
> > question is, how do I block Nimda? I need a wildcard or regexp document
> > which will intercept any URL including "cmd.exe" or "root.exe". Any
> > ideas?
>
> You could try the Redirector product:
>
>   http://www.zope.org/Members/djay/Redirector1_1
>
> or you could create an Access Rule that sniffs the request before traverse.
>

I ended up using the Redirector, which works fairly well. Two issues do
remain:

It can't do underscores in the first space of a name, so there's no
blocking of _vti_bin or _mem_bin.

It continues to log all the activity, only with 401 instead of 404.

Thanks for the tip!
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
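
The request-sniffing approach suggested in the thread, sketched as an added example that is not part of the original messages or of Zope or the Redirector product. It is plain Python; the function names and sample paths are constructed, and wiring it into a Zope Access Rule is not shown. Because it matches on the raw URL before traversal, it also covers the underscore-prefixed names and can separate probe noise from the rest of the access log.

```python
from urllib.parse import unquote

# Names from the thread: Code Red's default.ida, Nimda's cmd.exe and root.exe,
# and the _vti_bin / _mem_bin directories the Redirector could not cover.
PROBE_NAMES = {"default.ida", "cmd.exe", "root.exe", "_vti_bin", "_mem_bin"}
MAX_DECODE_ROUNDS = 3  # assumption: bound on repeated percent-decoding


def normalise(raw_url):
    """Return the lower-cased, percent-decoded path segments of raw_url."""
    path = raw_url.split("?", 1)[0]          # drop the query string
    for _ in range(MAX_DECODE_ROUNDS):       # decode until the path is stable
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/").lower()   # treat backslash as a separator
    return [seg for seg in path.split("/") if seg]


def is_worm_probe(raw_url):
    """True if any whole path segment is one of the known probe names."""
    return any(seg in PROBE_NAMES for seg in normalise(raw_url))


def split_log(requests):
    """Separate probe noise from the requests worth reading in the log."""
    probes, normal = [], []
    for url in requests:
        (probes if is_worm_probe(url) else normal).append(url)
    return probes, normal


# Constructed sample request paths, not taken from a real log.
SAMPLE = [
    "/default.ida?XXXX",
    "/scripts/root.exe?/c+dir",
    "/_vti_bin/a/cmd.exe?/c+dir",
    "/_mem_bin/root.exe",
    "/scripts/%63md.exe?/c+dir",   # percent-encoded 'c'
    "/MSADC/Root.EXE",             # mixed case
    "/docs/cmd.exe.html",          # legitimate page, must not match
    "/index_html",
]

if __name__ == "__main__":
    probes, normal = split_log(SAMPLE)
    print("probes:", probes)
    print("normal:", normal)
```

Matching whole segments rather than substrings keeps a legitimate document such as `cmd.exe.html` reachable.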