From owner-freebsd-security Sun Sep 23 10:41:12 2001
Message-ID: <15278.7858.133595.549621@horsey.gshapiro.net>
Date: Sun, 23 Sep 2001 10:41:06 -0700
From: Gregory Neil Shapiro
To: Ian Smith
Cc: security@FreeBSD.ORG
Subject: Re: New worm protection
References: <200109230836.f8N8akx29012@faith.cs.utah.edu>

smithi> Not an option here, but it's the large number of entries in
smithi> *-error.log that I'd like to be rid of. *-access.log I can just
smithi> grep out before log analysis, if not exclude in the analyser
smithi> config.

This is what I am using:

RedirectMatch (.*)/(root.exe|cmd.exe|default.ida).* /goaway.html
SetEnvIf Request_URI "/(root.exe|cmd.exe|default.ida|goaway.html)" MSExploitCrap
CustomLog /var/log/httpd-access.log combined env=!MSExploitCrap

And then /goaway.html is just a small file:

Go away

With this, nothing shows up in either httpd-access.log or httpd-error.log.
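A log-exclusion rule like the SetEnvIf line above is also a blind spot, so it is worth checking which requests it hides before relying on it. The following is an added example, not part of the original message: it replays the message's pattern over constructed access-log lines and compares it with a tightened variant. The tightened pattern, the function names and the sample lines are assumptions, and Python's `re` is assumed to behave like Apache's regex engine for this simple pattern.

```python
import re

# Pattern copied verbatim from the SetEnvIf line in the message.
ORIGINAL = r"/(root.exe|cmd.exe|default.ida|goaway.html)"
# Assumed tightening (not from the message): literal dots, match only at end of path.
TIGHTENED = r"/(root\.exe|cmd\.exe|default\.ida|goaway\.html)$"

# Minimal parser for Apache "combined" lines: captures the request target.
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')


def request_uri(line):
    """Path as SetEnvIf Request_URI sees it: request target minus query string."""
    m = LOG_RE.match(line)
    return m.group(1).split("?", 1)[0] if m else None


def suppressed(lines, pattern):
    """URIs that would get MSExploitCrap set and so be left out of the CustomLog."""
    rx = re.compile(pattern)  # SetEnvIf does an unanchored search, like re.search
    uris = (request_uri(l) for l in lines)
    return [u for u in uris if u is not None and rx.search(u)]


def overmatched(lines):
    """Requests hidden by the original pattern but not by the tightened one."""
    tight = set(suppressed(lines, TIGHTENED))
    return [u for u in suppressed(lines, ORIGINAL) if u not in tight]


def _line(ip, target, status):
    # Constructed sample entry (documentation IP ranges, arbitrary status), not real traffic.
    return f'{ip} - - [23/Sep/2001:10:00:00 -0700] "GET {target} HTTP/1.0" {status} 276 "-" "-"'


SAMPLE = [
    _line("192.0.2.10", "/default.ida?NNNN", 302),
    _line("192.0.2.11", "/scripts/root.exe?x", 302),
    _line("192.0.2.12", "/c/winnt/system32/cmd.exe?x", 302),
    _line("192.0.2.12", "/goaway.html", 200),
    _line("198.51.100.5", "/docs/cmd-exe-howto.html", 200),
    _line("198.51.100.6", "/default.idaho/index.html", 200),
    _line("198.51.100.7", "/index.html", 200),
]

if __name__ == "__main__":
    for uri in suppressed(SAMPLE, ORIGINAL):
        print("not logged:", uri)
    for uri in overmatched(SAMPLE):
        print("hidden only because of loose regex:", uri)
```

Run it against a copy of the access log taken before the exclusion was enabled; any path reported by `overmatched` is legitimate content that would silently vanish from the log.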