httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mgarriss <mgarr...@earthlink.net>
Subject Re: [users@httpd] blocking one address
Date Fri, 29 Aug 2003 02:09:27 GMT
Mike wrote:

> You're seeing code red and/or nimba (from ages ago) hits from machines 
> that are *still* infected.
>
> To deal with these things, I have the following in my httpd.conf:
>
> # Redirect Code Red, NIMDA and other inappropriate access attempts to 
> invalid URL
> Redirect /_mem_bin http://www.request.invalid
> Redirect /_vti_bin http://www.request.invalid
> Redirect /c http://www.request.invalid
> Redirect /d http://www.request.invalid
> Redirect /msadc http://www.request.invalid
> Redirect /MSADC http://www.request.invalid
> Redirect /scripts http://www.request.invalid
> Redirect /sumthin http://www.request.invalid
> RedirectMatch ^.*\.(dll|ida)*$ http://127.0.0.1/$1
> RedirectMatch (.*)\cmd.exe$ http://127.0.0.1/$1
>
> Put those in your httpd.conf file (assuming you have access to your 
> box and assuming the machine isn't a windoze web server) and then 
> restart apache. 


Great tip!

I have noticed that ALL of these hits are from within either 68.52.*.* 
or 68.166.*.*  I think one is a comcast domain and the other is an 
earthlink (covad) domain.  It probably wouldn't be cool to block these, 
oh well.  I'll use the above.

One thought:  I wonder what's a bigger CPU hit, Redirect or 404 (0 length)?

Michael


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message