I've have to use a "deny" in a RemoteAddrValve to solve the following
problem--
A normal URL for my site might be:
http://diglloyd.com/diglloyd/free/Eagles/Eagles.html
eg /diglloyd/free/Eagles/Eagles.html
(check it out if you want to see some unusual eagle photos)
But I see tons of 404 errors, with someone/thing from 62.42.21.210
(ono.com) doing:
http://diglloyd.com/diglloyd/free/diglloyd/free/Eagles/Eagles.html
http://diglloyd.com/diglloyd/free/diglloyd/free/diglloyd/free/Eagles/Eagles.html
http://diglloyd.com/diglloyd/free/diglloyd/free/diglloyd/free/diglloyd/free/Eagles/Eagles.html
http://diglloyd.com/diglloyd/free/diglloyd/free/diglloyd/free/diglloyd/free/diglloyd/free/Eagles/Eagles.html
... ad nauseum...
Similar illegal variants are sent for all the other URLs on my site.
I also see illegal requests like this from several sites:
/diglloyd/blog-images/?S=A
Is there a weakness in Tomcat being probed here?
What is the best way to block such things? Ignore them since they just
return 404 error anyway? Write a filter to insert a long delay for
blatantly wrong requests?
I'm not sure if that ono.com represents a single user or an entire
ISP, so I'm loathe to block it entirely.
Lloyd
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
