What HTTP exploit?
Suresh Ramasubramanian
suresh at outblaze.com
Mon May 31 01:18:42 UTC 2004
Richard Welty [30/05/04 19:57 -0400]:
> # control logging
> SetEnvIf Request_URI "^/default\.ida" dontlog
> SetEnvIf Request_Method "SEARCH" dontlog
Nathan Torkington's vermicide helps - (needs mod_perl)
srs
# this goes into your httpd.conf file
#
# the push_handlers line below prevents logging of worm requests
# remove that line if you want to know who's been contacting you
<Perl>
{
    package Apache::Vermicide;
    use Apache::Constants qw(:common :response);

    sub handler {
        my $r = shift;
        # match the request paths used by the IIS worms
        if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i) {
            $r->push_handlers(PerlLogHandler => sub { return BAD_REQUEST });
            return BAD_REQUEST;
        }
        # anything else is left to the normal request handlers
        return DECLINED;
    }
}
</Perl>
PerlPostReadRequestHandler Apache::Vermicide
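
If the push_handlers line is removed so that worm requests stay in the access log, the same patterns can be used to tally who has been contacting you. The script below is an added example, not part of the original post or of Vermicide; it assumes Apache common/combined log format, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Same URI patterns as the Vermicide handler above.
WORM_URI = re.compile(r"root\.exe|cmd\.exe|default\.ida", re.IGNORECASE)

# host ident user [time] "METHOD URI PROTO" status bytes
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2004:19:40:01 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 400 320',
    '192.0.2.10 - - [30/May/2004:19:40:02 -0400] "GET /scripts/root.exe HTTP/1.0" 400 320',
    '198.51.100.7 - - [30/May/2004:19:41:10 -0400] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [30/May/2004:19:42:33 -0400] "GET /c/winnt/system32/CMD.EXE HTTP/1.0" 400 320',
    '203.0.113.9 - - [30/May/2004:19:43:00 -0400] "SEARCH / HTTP/1.1" 400 320',
]

def classify(line):
    """Return (host, signature) for a worm-style request, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None  # unparseable lines are never counted as worm traffic
    if m.group("method").upper() == "SEARCH":
        return m.group("host"), "SEARCH"  # method from the quoted SetEnvIf rule
    hit = WORM_URI.search(m.group("uri"))
    if hit:
        return m.group("host"), hit.group(0).lower()
    return None

def tally(lines):
    """Count worm requests per source host and per signature; keep the rest."""
    by_host, by_sig, kept = Counter(), Counter(), []
    for line in lines:
        result = classify(line)
        if result is None:
            kept.append(line)
        else:
            by_host[result[0]] += 1
            by_sig[result[1]] += 1
    return by_host, by_sig, kept

if __name__ == "__main__":
    hosts, sigs, clean = tally(SAMPLE_LOG)
    for host, count in hosts.most_common():
        print(f"{host}\t{count}")
    print(dict(sigs), f"{len(clean)} other request(s)")
```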