Thanks much! The rewrite solution looks good to me as well, and I'll add to my config shortly!
Thanks again, Robert ----- Original Message ----- From: "mimo" <[EMAIL PROTECTED]> To: "Robert Cates" <[EMAIL PROTECTED]> Cc: <debian-isp@lists.debian.org> Sent: Monday, June 07, 2004 2:36 PM Subject: Re: SEARCH attack > Hi > > I have noticed the same here -- have a look at this > > http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en > > I liked the rewrite solution to throw it to ms... ;) > > Michael > > Robert Cates wrote: > > >Hi, > > > >I hoping somebody can both fill me in on what this SEARCH is all about, and > >what I can/should do to stop it: > > > >Every so often I find a very long request in my Apache access logs that > >seems to be an attempted SEARCH ("SEARCH /\x90\x02\xb1\x02\xb1\x02\ ..."). > > > >1). Is this a security problem (on a Linux server)? > > > >2). If so, how can I stop this? I tried to stop it using a <Limit SEARCH>, > >but a configtest told me that "SEARCH" was an undefined or unknown method. > >I placed the <Limit SEARCH> within the <Directory /> container as well as > >out on it's own in the config file. > > > >3). Is this a Windows platform issue? > > > >4). If so, how can I stop these attempts from filling up my access logs. > > > >All info is greatly appreciated! > > > >Thanks, > >Robert > > > > > > > > > > > > > -- > Please note that this account is being filtered using anti UCE systems. If you send email to this account make sure that it could not be mistaken as UCE. > >
