Date: Sun, 23 Sep 2001 10:41:06 -0700 From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG> To: Ian Smith <smithi@nimnet.asn.au> Cc: security@FreeBSD.ORG Subject: Re: New worm protection Message-ID: <15278.7858.133595.549621@horsey.gshapiro.net> In-Reply-To: <Pine.BSF.3.96.1010924022816.9322B-100000@gaia.nimnet.asn.au> References: <200109230836.f8N8akx29012@faith.cs.utah.edu> <Pine.BSF.3.96.1010924022816.9322B-100000@gaia.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
smithi> Not an option here, but it's the large number of entries in smithi> *-error.log that I'd like to be rid of. *-access.log I can just smithi> grep out before log analysis, if not exclude in the analyser smithi> config. This is what I am using: RedirectMatch (.*)/(root.exe|cmd.exe|default.ida).* /goaway.html SetEnvIf Request_URI "/(root.exe|cmd.exe|default.ida|goaway.html)" MSExploitCrap CustomLog /var/log/httpd-access.log combined env=!MSExploitCrap And then /goaway.html is just a small file: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> <HTML><HEAD><TITLE>Go away</TITLE></HEAD><BODY></BODY></HTML> With this, nothing shows up in either httpd-access.log or httpd-error.log. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15278.7858.133595.549621>