httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Missing "Addhandler FOD `cat list` " problem
Date Thu, 19 Jul 2001 19:33:43 GMT
From: "William A. Rowe, Jr." <wrowe@rowe-clan.net>
Sent: Thursday, July 19, 2001 2:21 PM


> Please posit your suggestion to new-httpd@apache.org where the authors can consider
> it, especially in the context of Apache 2.0.

Sorry, meant to reply back to security@ ... since this is here, let me condense the
guts of the suggestion...

----- Original Message ----- 
From: "rudy" <rudy@edpstaff.com>
To: <I-found-a-security-problem-in-the-apache-source-code@apache.org>
Sent: Thursday, July 19, 2001 1:35 PM
Subject: Missing "Addhandler FOD `cat list` " problem 
>
> hi:
> 
> I'm currently undergoing a weird denial of service attack in which a large
> number of PCs (218 at last count) are sending me kiddie scripted buffer overflow
> attacks aimed at IIS admin scripts. [I know, read on, please!].
> 
> ... should be harmless except that they tie up bandwidth and the Apache  server
> apache needs a new handler. The effect of:
> 
> < AddHandler FOD 
>      default.ida
>      _vti_inf.html
>      _vti_bin/shtml.exe/_vti_rpc >
> 
> would be that a request to GET or POST anything on the list would return 
> absolutely nothing.  I.e. the server would write the log msg but appear totally 
> dead to the requestor.

I expect this should be simple to do using the new filtering schema; we've done
similar bogus things by accident in developing the new server filter model :)

Any takers?

Bill
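
The behaviour requested in the quoted message (log the request, send nothing back), sketched as a standalone Python listener rather than an Apache handler or filter; this is an added example, not code from the thread or from httpd. The names `is_fod`, `FodHandler` and `demo` are hypothetical, and the percent-decoding and case-folding of the path are assumptions.

```python
import logging
import socket
import socketserver
import threading
from urllib.parse import unquote

# Paths taken from the quoted message; everything else here is illustrative.
FOD_PATHS = ("/default.ida", "/_vti_inf.html", "/_vti_bin/shtml.exe/_vti_rpc")
log = logging.getLogger("fod")


def is_fod(request_line: str, deny=FOD_PATHS) -> bool:
    """True when a GET or POST targets a listed path (query string ignored)."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] not in ("GET", "POST"):
        return False
    # Assumption: compare after percent-decoding and case-folding, since the
    # probed IIS paths are case-insensitive and scanners may encode them.
    path = unquote(parts[1].split("?", 1)[0]).lower()
    return path in deny


class FodHandler(socketserver.StreamRequestHandler):
    def handle(self):
        line = self.rfile.readline(8192).decode("latin-1").strip()
        while self.rfile.readline(8192) not in (b"\r\n", b"\n", b""):
            pass  # drain the headers so the close is a clean FIN
        if is_fod(line):
            log.warning("FOD %s %r", self.client_address[0], line)
            return  # log, then close without writing a single byte
        self.wfile.write(b"HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n")


def demo(target: str) -> bytes:
    """Serve one request on an ephemeral loopback port; return the client's view."""
    with socketserver.TCPServer(("127.0.0.1", 0), FodHandler) as srv:
        threading.Thread(target=srv.handle_request, daemon=True).start()
        with socket.create_connection(srv.server_address, timeout=5) as c:
            c.sendall(f"GET {target} HTTP/1.0\r\n\r\n".encode("latin-1"))
            data = b""
            try:
                while chunk := c.recv(4096):
                    data += chunk
            except ConnectionResetError:
                pass  # an abrupt reset is also "nothing" to the requester
            return data
```

The connection is still accepted and the request line still read, so this saves response bandwidth and leaves a log entry but does not stop the inbound traffic itself.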

