From: Norberto Meijome
To: bob@a1poweruser.com
Cc: Ian Smith, freebsd-questions@freebsd.org
Date: Thu, 14 Jun 2007 02:43:43 +1000
Subject: Re: Apache access log shows these attack requests
Message-ID: <20070614024343.10ff6632@localhost>

On Wed, 13 Jun 2007 10:50:20 -0400
"Bob" wrote:

Hi Bob,
please learn how to quote in a reply to a message - it's pretty hard to figure out who's written what otherwise.

> I checked with ls -l command and I have no pages 7036 in size.

(hmm... do those bytes include the headers et al? if they do, then you should be looking for something else other than 7036 in the filesystem... anyway...)

> My question
> is why is apache servicing a request for "\x04\x01", this is not a valid
> request in first place.

maybe if you show us your apache config it would be easier to figure out what you allow or not. To make it simpler, the DEFAULT config in apache (with no mod_proxy) is quite secure wrt access to / .

> You wrote "because I disallow 'no referrer'
> plus 'no browser' ("-" "-") connects from non-local addresses, blocking
> heaps of rogue robots"
> Could you give me an example of the httpd.config coding you used for this?
> These denied requests get logged in the access.log, I would think they
> should be logged in the error.log.

well, they are not an error from apache's POV, are they? they get served OK :) therefore, access. (the fact that you don't like it doesn't make it less "correct" for Apache ;)

B
_________________________
{Beto|Norberto|Numard} Meijome

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts."
  Bertrand Russell

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
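
Added example, not part of the original message or thread: a small Python triage script that flags the two patterns discussed above in an Apache access log, request lines that are not valid HTTP (such as "\x04\x01") and "-" "-" (no referrer, no user agent) hits from non-local addresses. It assumes the Combined Log Format; the LOCAL_NETS list and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# A well-formed request line: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Assumption: what counts as "local" is site-specific; adjust to your own networks.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]

def is_local(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a logged hostname is treated as non-local
    return any(addr in net for net in LOCAL_NETS)

def classify(line):
    """Return the list of reasons a log line looks like a probe (empty if none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparseable"]
    reasons = []
    if not REQUEST_RE.match(m["request"]):
        reasons.append("malformed-request")
    if m["referer"] == "-" and m["agent"] == "-" and not is_local(m["host"]):
        reasons.append("no-referer-no-agent")
    return reasons

# Constructed sample lines using documentation addresses, not taken from the thread.
SAMPLE = [
    r'203.0.113.7 - - [13/Jun/2007:10:12:01 -0400] "\x04\x01" 200 7036 "-" "-"',
    r'192.168.1.10 - - [13/Jun/2007:10:12:05 -0400] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    r'198.51.100.22 - - [13/Jun/2007:10:12:09 -0400] "GET / HTTP/1.0" 200 7036 "-" "-"',
    r'198.51.100.23 - - [13/Jun/2007:10:12:11 -0400] "GET / HTTP/1.1" 200 512 "http://example.org/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), line)
```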