Date: Mon, 24 Sep 2001 04:34:06 +1000 (EST)
From: Ian Smith
To: Gregory Neil Shapiro
Cc: security@FreeBSD.ORG
Subject: Re: New worm protection
In-Reply-To: <15278.7858.133595.549621@horsey.gshapiro.net>

On Sun, 23 Sep 2001, Gregory Neil Shapiro wrote:

> smithi> Not an option here, but it's the large number of entries in
> smithi> *-error.log that I'd like to be rid of. *-access.log I can just
> smithi> grep out before log analysis, if not exclude in the analyser
> smithi> config.
>
> This is what I am using:
>
> RedirectMatch (.*)/(root.exe|cmd.exe|default.ida).* /goaway.html
> SetEnvIf Request_URI "/(root.exe|cmd.exe|default.ida|goaway.html)" MSExploitCrap
> CustomLog /var/log/httpd-access.log combined env=!MSExploitCrap
>
> And then /goaway.html is just a small file:
>
>
> Go away
>
> With this, nothing shows up in either httpd-access.log or httpd-error.log.

I like it, short and sweet. Thank you Greg.

Thanks also to David Kirchner, David G Andersen, Steve Ames and The Anarcat
for lots of angles to explore .. but tomorrow.

Cheers, Ian
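The alternative mentioned in the quoted text, filtering worm requests out of the access log before analysis, as an added example that is not part of the original message: it reuses the alternation from the SetEnvIf line (with the dots escaped, a change from the post) and tallies the filtered probes per source host so that information is not lost. The function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Same alternatives as the quoted SetEnvIf line; dots are escaped here so that
# "." matches only a literal dot (a change from the pattern in the post).
WORM_URI = re.compile(r"/(root\.exe|cmd\.exe|default\.ida|goaway\.html)")

# Leading fields of Apache "combined" format: host ident user [time] "request"
LOG_LINE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)"')

def is_worm_probe(line):
    """True if the request path matches WORM_URI (query string ignored)."""
    m = LOG_LINE.match(line)
    if not m:
        return False  # unparseable lines are kept, never silently dropped
    parts = m.group("request").split()
    if len(parts) < 2:
        return False
    path = parts[1].split("?", 1)[0]
    return WORM_URI.search(path) is not None

def split_log(lines):
    """Return (lines to analyse, Counter of probes per source host)."""
    kept, probes = [], Counter()
    for line in lines:
        if is_worm_probe(line):
            probes[LOG_LINE.match(line).group("host")] += 1
        else:
            kept.append(line)
    return kept, probes

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [23/Sep/2001:11:00:01 -0700] "GET /scripts/root.exe HTTP/1.0" 302 210 "-" "-"',
    '192.0.2.10 - - [23/Sep/2001:11:00:02 -0700] "GET /goaway.html HTTP/1.0" 200 40 "-" "-"',
    '198.51.100.7 - - [23/Sep/2001:11:00:05 -0700] "GET /default.ida?XXXX HTTP/1.0" 302 210 "-" "-"',
    '203.0.113.5 - - [23/Sep/2001:11:00:09 -0700] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.7"',
    '203.0.113.5 - - [23/Sep/2001:11:00:12 -0700] "GET /docs/rootXexe.html HTTP/1.0" 200 512 "-" "Mozilla/4.7"',
]

if __name__ == "__main__":
    kept, probes = split_log(SAMPLE)
    print(len(kept), "lines kept for analysis")
    for host, count in probes.most_common():
        print(host, count)
```

The last sample line is kept only because the dots are escaped; with the unescaped pattern a path such as /docs/rootXexe.html would also be treated as a probe.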