Hi Folks,
I am running a website and that needs to be tightened with security in terms of hacking... Whereas, In my URL, when i click on certain links the entire link as contains some words like below:
/control_panel
/controlpanel
/admin
/cms
Whereas, i need to block those words in apache config file, which can only be access internally. Let me know how to achieve this ..
-Siva
In general doing this manually would be folly but I know at least that there are efforts at blocking all "bad" bots (bots with recognisable user agents)
One example is: Apache Ultimate Bad Bot Blocker (find on github).
It uses BrowserMatchNoCase or similar to match user agents and put them in a list (set an environment variable for it) which then, as a whole, is denied.
There's little point in blocking known URLs your server doesn't have, as opposed to the bots that try to access the ones you *do* have.
So blocking the URLs is pointless (ineffective if you don't have them, and disruptive if you do have them), you will have to block the activity itself.
Many bots (most bots) do not actually identify as a common user agent, even the hacker-type bots will just use something recognisable.
Alternatively, when a known URL gets hit that requires password authentication fail2ban is often employed to block individual IPs.