On Mon, Jun 07, 2004 at 11:42:53 +0200, Robert Cates wrote: > I hoping somebody can both fill me in on what this SEARCH is all about,
SEARCH is documented in http://greenbytes.de/tech/webdav/draft-reschke-webdav-search-latest.html#rfc.section.2 It is a part of an internet draft extending the WebDAV protocol (http://www.webdav.org) which extends HTTP with features suitable for authoring and versioning. > and what I can/should do to stop it: > > Every so often I find a very long request in my Apache access logs that > seems to be an attempted SEARCH ("SEARCH /\x90\x02\xb1\x02\xb1\x02\ ..."). > > 1). Is this a security problem (on a Linux server)? Judging by http://www.snort.org/snort-db/sid.html?sid=1070 it is only really relevant for IIS servers. > 2). If so, how can I stop this? I tried to stop it using a <Limit SEARCH>, > but a configtest told me that "SEARCH" was an undefined or unknown method. Your server doesn't implement the SEARCH method, so the attempted overflow fails. HTH, Ray -- LWN normally tries to avoid talking much about Microsoft - it is simply irrelevant to the free software world most of the time. http://www.lwn.net/2000/0406/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
