httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Miguel González Castaños <...@tid.es>
Subject Re: [users@httpd] Logging Nimda
Date Wed, 09 Jul 2003 08:41:54 GMT
I assume when you ask for logging requests on 80 port, you mean that you are
using other ports such as 443 (for SSL).

name virtual hosting can be used with ports like this:

NameVirtualHost x.x.x.x:80

<VirtualHost x.x.x.x:80>

 ServerName server1

 logserver1

</VirtualHost>

<VirtualHost x.x.x.x:80>

 ServerName server2

 logserver2

</VirtualHost>

you could use also ONLY ONE NameVirtualHost with a port with SSL enabled,
because of the encryption.

HTH

Miguel


Aidan Whitehall ha escrito:

> I'm using named virtual hosts to host several sites on the same machine.
> The logs in the first web site in the list are full of Nimda-type
> requests:
>
>    /default.ida
>    /cmd.exe
>    /root.exe
>    /cgi-bin/formmail.cgi
>    /cgi-bin/formmail.pl
>    /favicon.ico
>    etc
>
> presumably because when Nimda-infected boxes or software designed to
> detect vulnerabilities accesses the server via IP on port 80, Apache
> uses the first site to respond to the request.
>
> I'd like to avoid these requests from appearing in the logs for the
> first site, but (and I can't think of a good reason why at the moment)
> still log this activity.
>
> Is it, perhaps, possible to ensure that requests made on port 80 are
> logged somewhere other than the first site? Or, if can anyone convince
> me that it's not worth logging, is there a way of preventing Apache from
> responding to a certain requests, like those listed above?
>
> Thanks for any ideas!
>
> --
> Aidan Whitehall <mailto:aidanwhitehall@fairbanks.co.uk>
> Macromedia ColdFusion Developer
> Fairbanks Environmental Ltd  +44 (0)1695 51775
> Queen's Awards Winner 2003 <http://www.fairbanks.co.uk/go/awards>
>
> ________________________________________________________________________
> This e-mail has been scanned for all viruses by Star Internet. The
> service is powered by MessageLabs. For more information on a proactive
> anti-virus service working around the clock, around the globe, visit:
> http://www.star.net.uk
> ________________________________________________________________________
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message