Apache 2.0.53 running on WinXP Pro
Neophyte question:
Is there a way to automatically update the list of IPs that are denied service
(even http responses...just drop the request) when they are making clear
attempts either to deny service or even take control of the system? Some people
trying to gain access to my documents legitimately with a university network get
a "failure to establish a connection" on the broswer and even I get that from
the host running the server.
The error log is below for today (when I put Apache actively taking on port 80
service). The access log show entries from these hosts where they get the root
document index obviously to see a working server, then they issue a SEARCH http
request with a hugely long string....trying to exploit buffer overruns??
[Thu Dec 15 08:33:37 2005] [error] [client 80.251.42.208] request failed: URI
too long (longer than 8190)
[Thu Dec 15 08:43:52 2005] [error] [client 80.251.42.205] request failed: URI
too long (longer than 8190)
[Thu Dec 15 08:43:52 2005] [info] (OS 10054)An existing connection was forcibly
closed by the remote host. : core_output_filter: writing data to the network
[Thu Dec 15 08:44:21 2005] [error] [client 80.251.42.205] request failed: URI
too long (longer than 8190)
[Thu Dec 15 08:49:08 2005] [error] [client 80.251.42.210] request failed: URI
too long (longer than 8190)
[Thu Dec 15 08:49:09 2005] [info] (OS 10054)An existing connection was forcibly
closed by the remote host. : core_output_filter: writing data to the network
[Thu Dec 15 08:55:09 2005] [error] [client 80.251.42.239] request failed: URI
too long (longer than 8190)
[Thu Dec 15 08:55:09 2005] [info] (OS 10054)An existing connection was forcibly
closed by the remote host. : core_output_filter: writing data to the network
[Thu Dec 15 08:55:14 2005] [error] [client 80.251.42.230] request failed: URI
too long (longer than 8190)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
