httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill -OSX- Jones <sn...@mac.com>
Subject Re: Code Red 2 attack
Date Fri, 01 Mar 2002 14:27:46 GMT
[Oops, back to list, also]

  yes and No, but this and the other posted SetEnvIfNocase (with the 
env=!nolog) does work great (at least on my system...)

HTH;
-Sx-

On Friday, March 1, 2002, at 09:08  AM, Brian Quinn wrote:

> Hi Bill,
>
> I'm not much of a scripter so i figured i would write and ask.
> did you just insert this set of rewrite commands into the 
> httpd.conf file?
> and also, do this drop the entry's from entering the logs?
>
>
> Thanks
>
> Brian
>


When using this code, you need the usual mod_rewrite directives, 
obviously missing here.  Sorry about that...

>> # Check for Code Red IIS/Windows Hacking non-sense...
>>   RewriteCond %{REQUEST_FILENAME} /winnt/          [NC,OR]
>>   RewriteCond %{REQUEST_FILENAME} /system32/       [NC,OR]
>>   RewriteCond %{REQUEST_FILENAME} \.ida.*$         [NC,OR]
>>   RewriteCond %{REQUEST_FILENAME} \.exe.*$         [NC,OR]
>>   RewriteCond %{REQUEST_FILENAME} \.com.*$         [NC,OR]
>>   RewriteCond %{REQUEST_FILENAME} \.dll.*$         [NC]
>>   RewriteRule ^.*$ http://insecurity.org/403.shtml [L]
>> #  RewriteRule ^.*$ http://insecurity.org/notwindows.html [L]
>>

_Sx____________________
  ('>    -Sx- IUDICIUM
  //\   Have Computer -
  v_/_    Will Hack...


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message