httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dwight Tovey" <>
Subject Re: [users@httpd] IIS SEARCH exploit filling my apache2 logs
Date Fri, 16 Jul 2004 02:45:59 GMT

Andrew Hamm said:

> My access_log is sporadically getting SEARCH commands with approx 32k of
> binary rubbish (represented in \0xXX) in the packet.


> The real question is - can I block or at least filter out these SEARCH
> requests from the log? Once again, so much doco to get through before I
> can start to understand...

I really should add comments to the changes that I make to my config
files.  I ran into the same problem some time back.  I don't remember the
details about why, but I have the following line in my config file:

LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined

If I remember correctly, this still logs the hit, but if it caused a '414'
error (request too long?), then the body of request is not logged.  Kind
of a vague description, but it works for me.  Hopefully it will give you
something to look for so that you can narrow your search in the docs.


Dwight N. Tovey
Always try to be modest and be proud of it!

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message