Re: What HTTP exploit?

From: Suresh Ramasubramanian (no email)
Date: Sun May 30 2004 - 21:18:42 EDT


Richard Welty [30/05/04 19:57 -0400]:
> # control logging
> SetEnvIf Request_URI "^/default.ida?" dontlog
> SetEnvIf Request_Method "SEARCH" dontlog

Nathan Torkington's vermicide helps - (needs mod_perl)

        srs

# this goes into your httpd.conf file
#
# the push_handlers line below prevents logging of worm requests
# remove that line if you want to know who's been contacting you

<Perl>
{
  package Apache::Vermicide;
  use Apache::Constants qw(:common :response);
  sub handler {
    my $r = shift;

    if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i) {
        $r->push_handlers(PerlLogHandler => sub { return BAD_REQUEST });
        return BAD_REQUEST;
    }
    return DECLINED;
  }
}
</Perl>
PerlPostReadRequestHandler Apache::Vermicide








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD