httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dwight Tovey" <dwi...@dtovey.net>
Subject Re: [users@httpd] IIS SEARCH exploit filling my apache2 logs
Date Fri, 16 Jul 2004 02:45:59 GMT

Andrew Hamm said:

...
> My access_log is sporadically getting SEARCH commands with approx 32k of
> binary rubbish (represented in \0xXX) in the packet.

...

>
> The real question is - can I block or at least filter out these SEARCH
> requests from the log? Once again, so much doco to get through before I
> can start to understand...
>

I really should add comments to the changes that I make to my config
files.  I ran into the same problem some time back.  I don't remember the
details about why, but I have the following line in my config file:

LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined

If I remember correctly, this still logs the hit, but if it caused a '414'
error (request too long?), then the body of request is not logged.  Kind
of a vague description, but it works for me.  Hopefully it will give you
something to look for so that you can narrow your search in the docs.

    /dwight

-- 
Dwight N. Tovey
email: dwight@dtovey.net
web: http://www.dtovey.net/~dwight
-----------
Always try to be modest and be proud of it!


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message