httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael D. Berger" <m.d.ber...@ieee.org>
Subject RE: [users@httpd] Missing User-Agent:
Date Fri, 17 Jun 2005 22:44:04 GMT
Thanks for your suggestion.  I caught the packets with tethereal
and found the problem:  I was addressed by IP address rather than
URL.  I reject these, especially since I use dynamic dns.  In
addition, the messages are buffer oferflow attacks.  I address
another issue with these in a message I just sent to the list.
Mike.

--
Michael D. Berger
m.d.berger@ieee.org 

> -----Original Message-----
> From: herauthon [mailto:herauthon@home.nl] 
> Sent: Saturday, June 11, 2005 9:16 AM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Missing User-Agent:
> 
> 
> compare yours with mine - and tell me if the fixed version would work.
> 
> 
> At 04:11 8-6-2005, you wrote:
> > > -----Original Message-----
> > > From: Joshua Slive [mailto:jslive@gmail.com]
> > > Sent: Sunday, June 05, 2005 9:52 PM
> > > To: users@httpd.apache.org
> > > Subject: Re: [users@httpd] Missing User-Agent:
> > >
> > >
> > > On 6/5/05, Michael D. Berger <m.d.berger@ieee.org> wrote:
> > > > > On 6/4/05, Michael D. Berger <m.d.berger@ieee.org> wrote:
> > > > > > I notice that Apache 2.0 rejects, with a 403,
> > > > > > a GET that does not have a User-Agent header,
> > > > > > and I to get some of these.
> > > > > >
> > > > > > Why do I get them?
> > > > > > Why are they rejected?
> > > > >
> > > > > Apache 2 certainly does not do this by default.  There must be
> > > > > someplace in your config that your are restricting based on
> > > > > User-Agent.
> > > > >
> > > > > Joshua.
> > > >
> > > > cd /etc/httpd/conf
> > > > vi httpd.conf
> > > > :set ignorecase
> > > > /user
> > > > /agent
> > > >
> > > > I find nothing in the config file that suggests this.
> > >
> > > What about Include'd config files?
> > >
> > > Other than that, you haven't mentioned the relevant error log and
> > > access log messages.  You also haven't mentioned if you 
> are running a
> > > proxy in front of apache, or if apache is proxying to 
> another server,
> > > etc.
> > >
> > > As I said, apache doesn't do this by default.
> > >
> > > Joshua.
> >
> >I am using the configuration supplied with RH-E-W-3, with a 
> few changes,
> >inclusing a virtual host and blocking of directory listing.  
> As you can
> >see from the log lines below, the block of directory listing 
> is involved.
> >It is as if when a User-Agent is not supplied, it tries to list the
> >direcory, even though there is an index.html.  Why would this be?  I
> >don't know about the Include'd config files -- whatever RH set up.
> >Sorry for the long silence.
> >Mike.
> >
> >
> >halls-129-31-65-108.hor.ic.ac.uk - - [07/Jun/2005:09:42:01 
> -0400] "GET /
> >HTTP/1.1" 200 808 "-" "Mozilla/5.0 (Windows; U; Windows NT 
> 5.1; en-GB;
> >rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
> >
> >adsl-68-72-134-32.dsl.chcgil.ameritech.net - - 
> [07/Jun/2005:13:52:47 -0400]
> >"GET / HTTP/1.0" 403 202 "-" "-"
> >
> >[Tue Jun 07 13:52:47 2005] [error] [client 68.72.134.32] 
> Directory index
> >forbidden by rule: /var/www/html/
> >
> >--
> >Michael D. Berger
> >m.d.berger@ieee.org
> >
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP 
> Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message