httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Montgomery <mogtn...@yahoo.com>
Subject Re: [users@httpd] rejecting non GET/POST methods
Date Mon, 28 Apr 2008 20:23:52 GMT
Thanks for the feedback Joshua.

I would still see any attacks by the number of
connections in netstat (which I do monitor). But as
you point out, there is still certainly some
justification to continue logging rejected requests. 
If I can use the conditional logging to write rejected
requests to a separate log file, that would be a good
compromise.

Thanks for the tips, I'll check out the conditional
logging.

Best Regards,
Rob


--- Joshua Slive <joshua@slive.ca> wrote:

> On Sun, Apr 27, 2008 at 7:43 AM, Robert Montgomery
> <mogtnomr@yahoo.com> wrote:
> > Is there a way to tell apache to completely ignore
> >  certain methods, ie, PROPFIND, CCM_POST, CONNECT,
> >  OPTIONS, etc.. (and NOT write those requests to
> the
> >  log files either!)
> >
> >  I've tried LIMIT & LIMIT EXCEPT directives, but
> I'm
> >  not sure if they are working (I still see those
> >  requests being logged).
> >
> >  Also, are there any methods other than GET/POST
> that I
> >  should also consider allowing?  We do nothing
> fancy,
> >  just typical websites on LAMP platforms, so I
> know of
> >  no need for any methods other than GET/POST.
> 
> No, you can't completely ignore HTTP requests.
> Apache has to do
> something with them.
> 
> Yes, you can reject those requests using something
> like
> <LimitExcept GET POST>
> Order allow,deny
> Deny from all
> </LimitExcept>
> 
> But be careful where you place this block, since it
> will override any
> other access controls.
> 
> Yes, you can prevent these requests from being
> logged using conditional logging:
>
http://httpd.apache.org/docs/2.2/logs.html#conditional
> But you shouldn't do that. You'll never know if you
> are being attacked
> or if there are some problems with your site
> involving other methods.
> 
> Joshua.
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
> 
> 



      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message