Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 19 Sep 2001 00:40:07 -0400
From:      Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net>
To:        freebsd-questions@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject:   Re: NEW VIRUS - Read this!(No the virus isn't included!)
Message-ID:  <20010919004006.A85981@acadia.ne.mediaone.net>
In-Reply-To: <00f001c1409d$841b2860$c8e1b3d8@liquidground.com>
References:  <fa.i8s2cav.1cj05p6@ifi.uio.no> <00f001c1409d$841b2860$c8e1b3d8@liquidground.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 09/18/01 04:56 PM, DrTebi sat at the `puter and typed:
> A little help to keep your apache logs clean (it's not perfect, but does at
> least save you some of those stupid hacking attempts). Put this into your
> httpd.conf file:
> 
> # mircosoft viruses
> SetEnvIf Request_URI \.exe$ other=ms-bs
> SetEnvIf Request_URI \.dll$ other=ms-bs
> 
> CustomLog /path/to/your/access_log env=!other
> 
> 
> Any improvements are greatly appreciated.
> DrTebi

Hmm.  I am not seeing this work.  I assume the intent was to have the
error logs go to another logfile, but it isn't working.  I loaned out
my Apache book so I can't check what I'm doing wrong.

Here is what I did in httpd.conf:

  SetEnvIf Request_URI \.exe$ other=ms-bs
  SetEnvIf Request_URI \.dll$ other=ms-bs

  CustomLog /WWW/log/ms_virii_log env=!other

This was done in the general config area, and the virtual host area,
but this is what shows up:

In /WWW/log/ms_virii_log:
env=!other

And in /var/log/httpsd/error_log:
[Wed Sep 19 00:34:27 2001] [error] [client 65.96.30.122] File does not
exist: /WWW/httpd/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe

I assume I am just tired and missed something obvious.  If you get a
chance, let me know?

Thanks

Lou
-- 
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net                 ԿԬ

Cynic, n.:
  One who looks through rose-colored glasses with a jaundiced eye.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010919004006.A85981>