httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] IIS SEARCH exploit filling my apache2 logs
Date Fri, 16 Jul 2004 13:26:41 GMT
On Thu, 15 Jul 2004 20:45:59 -0600 (MDT), Dwight Tovey
<dwight@dtovey.net> wrote:
> 
> Andrew Hamm said:

> > The real question is - can I block or at least filter out these SEARCH
> > requests from the log? Once again, so much doco to get through before I
> > can start to understand...
> >
> 
> I really should add comments to the changes that I make to my config
> files.  I ran into the same problem some time back.  I don't remember the
> details about why, but I have the following line in my config file:
> 
> LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" combined
> 
> If I remember correctly, this still logs the hit, but if it caused a '414'
> error (request too long?), then the body of request is not logged.  Kind
> of a vague description, but it works for me.  Hopefully it will give you
> something to look for so that you can narrow your search in the docs.

Cute idea.  I'd never thought of that, but it should work (although it
will hide some information that may be useful in debugging).

The things I usually recommend:

1. Post-process your logs to get rid of entries you don't want.

2. If your system is really incapable of handling log lines that long,
you should set LimitRequestLine to a lower value in httpd.conf.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message