Invalid URI Redirection with Apache mod_rewrite
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
Invalid URI Redirection with Apache mod_rewrite
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
Invalid URI Redirection with Apache mod_rewrite Description
There have been times when a curious phish recipient or a zealous help desk staff has loaded the phishing link in their browser and decided to take a peek at a higher directory or the root domain. Of course, most times there isn’t much else site to see. In those cases, the chances of being reported to IR went up significantly, sometimes leading to a phishing campaign being blocked. This is where invalid URI redirection comes in handy. We can whitelist resources the Apache server will proxy for the targets and redirect any other requests to the target’s real domain or another page of our choosing. In the demo below, the user navigates to spoofdomain.com/really/long/url.html and is served a page; however, when the user navigates to spoofdomain.com/really/ the browser is redirected to google.com. RewriteEngine On RewriteCond %{REQUEST_URI} ^/(profiler|payload)/?$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http://SPOOFED-DOMAIN.com [NC] RewriteRule ^.*$ http://TEAMSERVER-IP%{REQUEST_URI} [P] RewriteRule ^.*$ http://REDIRECTION-URL.com/? [L,R=302] Line by line explanation: Enable the rewrite engine If the request's URI is either '/profiler' or '/payload' (with an optional trailing slash), ignoring case; OR If the request's referer starts with 'http://SPOOFED-DOMAIN.com', ignoring case;
Invalid URI Redirection with Apache mod_rewrite FAQ
Common questions about Invalid URI Redirection with Apache mod_rewrite including features, pricing, alternatives, and user reviews.
Invalid URI Redirection with Apache mod_rewrite is A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL. It is a Security Operations solution designed to help security teams with Web Security.
