What HTTP exploit?

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): What HTTP exploit?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Richard Welty [30/05/04 19:57 -0400]:
> # control logging
> SetEnvIf Request_URI "^/default.ida?" dontlog
> SetEnvIf Request_Method "SEARCH" dontlog

Nathan Torkington's vermicide helps - (needs mod_perl)

	srs


# this goes into your httpd.conf file
#
# the push_handlers line below prevents logging of worm requests
# remove that line if you want to know who's been contacting you

<Perl>
{
  package Apache::Vermicide;
  use Apache::Constants qw(:common :response);
  sub handler {
    my $r = shift;

    if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i) {
        $r->push_handlers(PerlLogHandler => sub { return BAD_REQUEST });
        return BAD_REQUEST;
    }
    return DECLINED;
  }
}
</Perl>
PerlPostReadRequestHandler Apache::Vermicide

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): What HTTP exploit?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]