Today in the evening I met with an old client of mine and we talked about a simple way to defend web applications against script kiddies: just using mod_rewrite with HTTP_USER_AGENT. Fortunately, Anant Shrivastava has already published a nice list.
```apache
<IfModule mod_rewrite.c>
    # RewriteEngine sits inside the container so the config still loads without mod_rewrite
    RewriteEngine On

    # Scanner User-Agent strings; [NC] = case-insensitive, [OR] chains the conditions
    RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} SF [OR]
    RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} httrack [NC,OR]
    # Last condition checks the Acunetix-Product request header instead of the User-Agent
    RewriteCond %{HTTP:Acunetix-Product} ^WVS
    # Redirect matching clients to their own loopback address
    RewriteRule ^.* http://127.0.0.1/ [R=301,L]
</IfModule>
```
Of course, you can’t fool a professional pentester this way, but for the rest it seems like an option. I don’t know how long it will take for the script kiddies to find out what’s going on but then BeEF could come into play…
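The same User-Agent patterns can be run over existing access logs to see which clients the rule would catch, including harmless ones hit by the case-sensitive `SF` pattern. This is an added example, not part of the original post; it assumes Apache's combined log format, and the log lines and User-Agent strings are constructed.

```python
import re
from collections import Counter

# Patterns copied from the rewrite rules above; True means [NC] (case-insensitive).
# The Acunetix-Product header check is left out: the combined log format records
# only the Referer and User-Agent request headers.
RULES = [(r"^w3af.sourceforge.net", True), ("dirbuster", True), ("nikto", True),
         ("SF", False), ("sqlmap", True), ("fimap", True), ("nessus", True),
         ("whatweb", True), ("Openvas", True), ("jbrofuzz", True),
         ("libwhisker", True), ("webshag", True), ("httrack", True)]
COMPILED = [(p, re.compile(p, re.I if nc else 0)) for p, nc in RULES]

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def matched_rule(user_agent):
    """Return the first pattern that matches the User-Agent, or None."""
    for pattern, rx in COMPILED:
        if rx.search(user_agent):
            return pattern
    return None

def scan(lines):
    """Count hits per (client IP, pattern); lines that do not parse are skipped."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        rule = matched_rule(m.group(2))
        if rule:
            hits[(m.group(1), rule)] += 1
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic.
TS = "[10/Oct/2013:13:55:36 +0200]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    f'192.0.2.10 - - {TS} "GET /index.php?id=2 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    f'198.51.100.7 - - {TS} "GET /admin/ HTTP/1.1" 404 209 "-" "DirBuster-1.0-RC1"',
    f'203.0.113.5 - - {TS} "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/24.0"',
    # Harmless client caught only because its User-Agent contains the letters "SF"
    f'203.0.113.9 - - {TS} "GET /feed HTTP/1.1" 200 300 "-" "ExampleReader/2.0 (SFO build)"',
]

if __name__ == "__main__":
    for (ip, rule), count in sorted(scan(SAMPLE).items()):
        print(f"{ip}\t{rule}\t{count}")
```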