Security Basics mailing list archives
Re: GET //awstats.pl? in apache logs
From: Konstantine <listclient () gmail com>
Date: Mon, 24 Oct 2005 22:47:43 +0100
On 10/24/05, S.A. Birl <sbirl () temple edu> wrote: <snip> Or, you could do what I did: Write your own PERL script to caputre the offending IP, write it out to an external blacklist (that Apache includes in it's httpd.conf); restart Apache and viola! IP banned. <snip implementation> I like this idea and I will probably use it, not for banning but making a list of IPs making various requests. Thanks for providing the example. I am not familiar with Perl so I have two questions relating to your script if you don't mind. Thanks in advance. Is there anyway a request is made as to $ENV{"REMOTE_ADDR"} to be something other than expected form. i.e. a dotted quad IP? system("/usr/bin/touch /usr/local/apache/nobody /restart"); # What is this line doing? Thanks again to everybody who replied to my original posting. K.
Current thread:
- GET //awstats.pl? in apache logs Konstantine (Oct 24)
- Re: GET //awstats.pl? in apache logs ilaiy (Oct 24)
- Re: GET //awstats.pl? in apache logs Andreas Constantinides (MegaHz) (Oct 24)
- Re: GET //awstats.pl? in apache logs FocusHacks (Oct 24)
- Re: GET //awstats.pl? in apache logs Can't dig that daddy (Oct 24)
- RE: GET //awstats.pl? in apache logs mail list (Oct 24)
- Message not available
- Fwd: GET //awstats.pl? in apache logs Tobias Hahn (Oct 25)
- RE: GET //awstats.pl? in apache logs mail list (Oct 24)
- Re: GET //awstats.pl? in apache logs S.A. Birl (Oct 24)
- Re: GET //awstats.pl? in apache logs Konstantine (Oct 25)
- <Possible follow-ups>
- Re: GET //awstats.pl? in apache logs [a] (Oct 24)