httpd-users mailing list archives

From mgarriss
Subject [users@httpd] blocking one address
Date Fri, 29 Aug 2003 00:40:50 GMT
How can I block requests from a certain IP in Apache?  There is some 
virus (I think) bombarding me with requests for many different things.  
Some examples (cut times to avoid wrapping, but this group was all 
within about 2 secs):

  "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
  "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
  "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
  "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
  "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
  "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
  "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
  "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -

Luckily I'm not running NT.  I suppose a better idea would be to block 
this address from iptables.  Any hints on how to do either of these things?

Another question:  I get the /default.ida (Code Red II virus) requests a 
lot but from far too many different IPs to make blocking the addresses 
a solution.  I was returning my 404 page at about 250 bytes each time so 
I just made a 0 length default.ida, now 0 bytes get returned.  However I 
can't do that in this case. Any way to tell Apache to return 0 bytes when 
something looks for, say, the /scripts dir (which I don't have/need)?

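Added example, not part of the original message: one way to pick out from an access log which client is sending the encoded-traversal requests quoted above, so that the address to block is found by rule rather than by eye. It assumes Common Log Format; the function names, client addresses, timestamp and status codes are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" \d{3} \S+')

def classify(target, max_rounds=4):
    """Return reasons a request target looks like an encoded traversal probe."""
    data = target.split("?", 1)[0].encode("latin-1", "replace")
    rounds = 0
    while rounds < max_rounds:
        nxt = unquote_to_bytes(data)  # malformed escapes such as "%%" stay as-is
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    checks = {
        "multi-encoded": rounds > 1,                          # %252f -> %2f -> /
        "overlong-utf8": b"\xc0" in data or b"\xc1" in data,  # never valid UTF-8
        "dot-dot-segment": b".." in data.replace(b"\\", b"/").split(b"/"),
    }
    return [name for name, hit in checks.items() if hit]

def probe_sources(lines, threshold=3):
    """Count flagged requests per client; return clients at or above threshold."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and classify(m.group(2)):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Request targets are the ones quoted in the message. Everything else in the
# sample lines is constructed: RFC 5737 addresses, timestamp, status codes.
TARGETS = [
    "/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%252f../winnt/system32/cmd.exe?/c+dir",
]
FMT = '%s - - [29/Aug/2003:00:00:00 +0000] "GET %s HTTP/1.0" %s -'
SAMPLE = [FMT % ("192.0.2.10", t, 404) for t in TARGETS]
SAMPLE.append(FMT % ("198.51.100.7", "/index.html", 200))

if __name__ == "__main__":
    print(probe_sources(SAMPLE))
```

Decoding is repeated until the path stops changing because several of the quoted requests hide the separator behind two layers of percent-encoding, which a single decode pass would miss.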