At 08:28 PM 3.27.2004 +0100, Cordula's Web wrote: >> Within the past couple of weeks, the Apache logs have shown a new type of >> intrusion -- a very, very long URL request -- that finally receives a error >> 414. I don't know the purpose of this one, but doesn't appear >> well-intended. It comes late at night and from different IPs. One request >> even used one of my own IPs. So, the firewall won't help -- nor server deny. >> >> My question is what syntax can I add, if any, to my httpd.conf to redirect >> such requests..?? >> >> Here's a very small (about 1-5%) snippet of the nasty URL: >> >> 65.35.186.74 - - [26/Mar/2004:19:01:04 -0600] "SEARCH >> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb >> 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 >> 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb >> 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 >> 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb >> 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 >> 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 .... and >> on and on.... > >Are only SEARCH requests affected, or GET as well? >
The ones I've seen have all been SEARCH.... Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com [EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
