
This question I have not been able to get an authoritative answer on, but it's interested me for years:

Taking Apache with matching rewrite rules, say:

One set of matches triggers the 403 Forbidden case. The 403 page is hosted on the site, so basically those conditions would trigger another page load on the site, and would in essence confirm to probers that the basic domain or IP exists.

But what I've always wondered is if there is a way to basically send a request that matches certain conditions, say, a known spam/intrusion attempt pattern, and basically send it to /dev/null or an Apache equivalent.

Having never been able to find such a solution, I often just use a fake domain name and redirect the matching requests to that fake domain, which removes that load from my server, and since the domain does not exist (I always pick abstract names that do not actually exist), the request after the 301 gets the 404, but in my ideal case, the request would simply fail and return nothing, or some Apache equivalent.

This is actually something I need to figure out due to an ongoing issue with certain tools being used to detect some data about our site that isn't supposed to be detectable. But the reason here isn't as important, since that changes for each situation; my question is, I guess, severalfold:

  1. If no such thing as a basic redirect to /dev/null exists, is there a way to dynamically assign an F (forbidden, 403) page that does not exist on the server, so the request doesn't bounce right back to the site's 403 page, which can expose some things to people probing? This is the worst option, since the site is confirming that the IP address/domain and port exist.

  2. Ideally, is there a way to actually send a request to nowhere? In a perfect world, it would return 404 for not found I guess which means that particular IP address probe would result in does not exist. Maybe this is the answer after all in a sense? But it would not be a 404 that then trips the loading of the site 404 page, it would be a 404 like a domain that does not exist generates on a request, or a probe of an IP address, port combination that does not exist.

  3. And of course, the best case, when a request matches patterns, it simply does nothing, it does not respond, it does nothing, the request is absorbed into a black hole so to speak. Exactly as if you requested something from something that actually does not at all exist. Not from a domain that does exist but a page that does not, but rather where the entire request does not match any domain or page or IP address.

It's surprisingly difficult to find any information on this specific scenario of Apache mod_rewrite; at least I've never found the question addressed, so if anyone can provide an authoritative answer, I've structured the question title to probably result in searches ending up on this page.

Again, the ideal outcome is that the probe never realizes that it in fact got a live site on an IP port scan after the matching conditions were met in the rewrite rules, which means, not a 403, not a 301, not a 200 response, not an html type response that comes from a site.

Note that in this scenario, I have no access to the main datacenter firewall, or the server firewalls, so it has to be the best result I can get using Apache 2 itself.

Lizardx
  • Have you investigated mod_security and its "drop" action? https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#drop – Mark Wagner Sep 26 '17 at 23:27
  • No, but since that's an example of what I was asking to learn about, I'd suggest you post it as a more complete answer to start. – Lizardx Sep 26 '17 at 23:49
  • I'd also look at using fail2ban to watch the logs for such behavior and block the host at the network level... – ivanivan Sep 27 '17 at 02:55
  • fail2ban fails to meet the primary requirement that the solution be Apache. Don't get me wrong: I'd love to ban at network level but that's not an option in this scenario, thus my question here. – Lizardx Sep 27 '17 at 16:39
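As an added example (not from the question or any answer on this page), the following Apache 2.4 vhost fragment contrasts the two things Apache alone can do here: mod_rewrite answering with an inline 403/404 body so the match no longer triggers a second load of a site-hosted error page, and the ModSecurity 2.x `drop` action raised in the comment, which closes the connection without any HTTP response. The path `/constructed-probe-path`, the rule id and the ServerName are constructed placeholders.

```apache
# Added example, not from the question or answers: Apache 2.4 vhost fragment.
# "/constructed-probe-path" and rule id 100001 are placeholders, not real scanner signatures.
<VirtualHost *:80>
    ServerName example.test

    # Option A (mod_rewrite only): still answers, but with an inline error body.
    # An ErrorDocument given as a quoted string is sent directly, so the match
    # no longer causes a second request for a site-hosted 403/404 page.
    ErrorDocument 403 "Forbidden"
    ErrorDocument 404 "Not Found"
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/constructed-probe-path [NC]
    RewriteRule ^ - [F,L]
    # Same match, answering 404 instead of 403 (the question's option 2):
    # RewriteRule ^ - [R=404,L]

    # Option B (ModSecurity 2.x for Apache, the comment's suggestion): "drop"
    # closes the TCP connection in phase 1, before any status line, headers or
    # body are sent. The log entry is kept so the event is still visible to you.
    <IfModule security2_module>
        SecRuleEngine On
        SecRule REQUEST_URI "@rx ^/constructed-probe-path" \
            "id:100001,phase:1,t:none,drop,log,msg:'probe pattern: connection dropped'"
    </IfModule>

    # Limit of both options: the kernel completed the TCP handshake before Apache
    # saw the request, so a port scan still reports the port as open. Only "drop"
    # withholds the HTTP-level confirmation; making the port look closed needs a
    # firewall, which the question rules out.
</VirtualHost>
```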

1 Answer


I have written some small Apache modules in C; how to do this is well described on the Apache site.

You can match anything you want with C, then execute the "then" part of the routine to the extent the Apache API will let you. I haven't checked it, but the code sounds like it would be:

-- if pattern match, then do nothing. That would effectively be the same as sending a request to nowhere.

or -- if pattern match, then do not respond... James

  • This is very vague, missing any actual code example, even down to the module names, which are also missing. The feature would need to be a standard module readily available, not a custom thing. If the feature is well described on the Apache site, where is the link to the description? I'm not looking to write my own C module, if that was your meaning; that seems pretty wide of my question. – Lizardx Oct 24 '17 at 01:40