httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoffrey Bennett <geoff...@ticom.com>
Subject Re: [users@httpd] Request !
Date Wed, 03 Sep 2003 15:35:57 GMT
On Wed, 2003-09-03 at 15:02, KAN NAN wrote:

>  this time, just have a look at the log entries:
> 
> 211.147.1.82 - - [02/Sep/2003:08:59:31 +0100] "GET / HTTP/1.1" 400 380
> 211.147.1.82 - - [02/Sep/2003:08:59:43 +0100] "POST / HTTP/1.1" 500
> 604

What you are seeing here are the headers that Apache logged for you.
What a GIDS sees is the entire packet coming into the system: headers,
payload, and all!!! Much much more than what Apache has logged for your
here. That is why a GIDS can do something about the hostile traffic
coming in. It sees the payload of the packets, matches it against it's
ruleset of alerts and actions, and then deals with the packet as
instructed. Let me know if you want a clearer explanation with examples.

geoffrey
-- 
Geoffrey Bennett <geoffrey@ticom.com>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message