httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] mod_rewrite for security...
Date Fri, 21 Jan 2005 17:23:15 GMT
On Fri, 21 Jan 2005 09:26:18 -0500, Andy J.M. <apache2@yourimedia.com> wrote:
> Hello.
> 
> I'm fairly new to server administration and Apache configs. I've been
> following this list for a while and have seen some great help.
> 
> I'm sure some/most of you are familiar with the old buffer overrun:
> 
> "A total of 1 unidentified 'other' records logged
>   SEARCH /\x90\x02\xb1\x02\....."
> 
> from logwatch or in your http access logs.
> 
> I quickly came across a cool trick yesterday about using mod_rewrite and/or
> Multiviews to redirect this to --forbidden--. Unfortunately I cannot find
> the information again.
> 
> What's really bothering me about it is that it's causing Webalizer to hiccup
> on the logs. I know the latest release of Webalizer accounts for this
> overrun... but I'm not ready to install that release or apply the fix. I'd
> prefer to learn how to counter it --- just the same.

This request cannot be redirected because apache rejects it very early
in its processing.  Anyway, redirection would not help with your log
problem.

You can, however, instruct apache not to log the whole request URI on
these type of requests by replacing %r in your log format string with
%!414r, which tells apache not to log the request line when teh status
code is 414.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message