nanog mailing list archives
Re: What HTTP exploit?
From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Mon, 31 May 2004 06:48:42 +0530
Richard Welty [30/05/04 19:57 -0400]:
# control logging SetEnvIf Request_URI "^/default.ida?" dontlog SetEnvIf Request_Method "SEARCH" dontlog
Nathan Torkington's vermicide helps - (needs mod_perl) srs # this goes into your httpd.conf file # # the push_handlers line below prevents logging of worm requests # remove that line if you want to know who's been contacting you <Perl> { package Apache::Vermicide; use Apache::Constants qw(:common :response); sub handler { my $r = shift; if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i) { $r->push_handlers(PerlLogHandler => sub { return BAD_REQUEST }); return BAD_REQUEST; } return DECLINED; } } </Perl> PerlPostReadRequestHandler Apache::Vermicide
Current thread:
- What HTTP exploit? John Palmer (NANOG Acct) (May 30)
- RE: What HTTP exploit? Todd Mitchell - lists (May 30)
- Re: What HTTP exploit? Matthew McGehrin (May 30)
- Re: What HTTP exploit? Richard Welty (May 30)
- Re: What HTTP exploit? Suresh Ramasubramanian (May 30)
- <Possible follow-ups>
- Re: What HTTP exploit? Mike Nice (May 31)
- Re: What HTTP exploit? Vinny Abello (May 31)
- Re: What HTTP exploit? Laurence F. Sheldon, Jr. (May 31)
- Re: What HTTP exploit? Paul G (May 31)
- Re: What HTTP exploit? Bob Martin (May 31)
- Re: What HTTP exploit? Jason Dixon (May 31)
- Re: What HTTP exploit? Vinny Abello (May 31)