Date: Mon, 24 Sep 2001 04:34:06 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
Cc: security@FreeBSD.ORG
Subject: Re: New worm protection
Message-ID: <Pine.BSF.3.96.1010924042822.9322D-100000@gaia.nimnet.asn.au>
In-Reply-To: <15278.7858.133595.549621@horsey.gshapiro.net>

On Sun, 23 Sep 2001, Gregory Neil Shapiro wrote:

 > smithi> Not an option here, but it's the large number of entries in
 > smithi> *-error.log that I'd like to be rid of.  *-access.log I can just
 > smithi> grep out before log analysis, if not exclude in the analyser
 > smithi> config.
 >
 > This is what I am using:
 >
 > RedirectMatch (.*)/(root.exe|cmd.exe|default.ida).* /goaway.html
 > SetEnvIf Request_URI "/(root.exe|cmd.exe|default.ida|goaway.html)" MSExploitCrap
 > CustomLog /var/log/httpd-access.log combined env=!MSExploitCrap
 >
 > And then /goaway.html is just a small file:
 >
 > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
 > <HTML><HEAD><TITLE>Go away</TITLE></HEAD><BODY></BODY></HTML>
 >
 > With this, nothing shows up in either httpd-access.log or httpd-error.log.

I like it, short and sweet.  Thank you Greg.

Thanks also to David Kirchner, David G Andersen, Steve Ames and The Anarcat
for lots of angles to explore .. but tomorrow.

Cheers, Ian

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
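
Added example, not part of the original message or thread: an offline Python filter that applies the SetEnvIf pattern quoted above to a combined-format access log (the "grep out before log analysis" approach mentioned in the thread) while keeping a per-client count of what was dropped. The sample lines, addresses and function names are constructed for illustration; the pattern is copied as posted, so its unescaped dots also match the last sample path.

```python
import re
from collections import Counter

# Pattern copied from the SetEnvIf line quoted in the message (dots unescaped, as posted).
WORM_URI = re.compile(r"/(root.exe|cmd.exe|default.ida|goaway.html)")

# Minimal parser for Apache "combined" format: client, requested URI, status.
COMBINED = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')


def split_log(lines):
    """Return (kept_lines, suppressed_per_client) for an iterable of log lines."""
    kept, suppressed = [], Counter()
    for line in lines:
        m = COMBINED.match(line)
        if m is None:
            kept.append(line)  # unparseable lines are kept, never silently dropped
            continue
        client, uri, _status = m.groups()
        path = uri.split("?", 1)[0]  # Request_URI does not include the query string
        if WORM_URI.search(path):
            suppressed[client] += 1  # keep a count instead of discarding all evidence
        else:
            kept.append(line)
    return kept, suppressed


# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [23/Sep/2001:04:00:01 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 210 "-" "-"',
    # Follow-up fetch of the redirect target, which the pattern also covers.
    '192.0.2.10 - - [23/Sep/2001:04:00:01 +1000] "GET /goaway.html HTTP/1.0" 200 120 "-" "-"',
    '198.51.100.7 - - [23/Sep/2001:04:00:05 +1000] "GET /default.ida?XXXX HTTP/1.0" 302 210 "-" "-"',
    '203.0.113.5 - - [23/Sep/2001:04:01:00 +1000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.7"',
    # Legitimate-looking path that the unanchored, unescaped pattern still matches.
    '203.0.113.5 - - [23/Sep/2001:04:01:09 +1000] "GET /docs/cmd-exe-notes.html HTTP/1.0" 200 900 "-" "Mozilla/4.7"',
]

if __name__ == "__main__":
    kept, suppressed = split_log(SAMPLE)
    print("\n".join(kept))
    for client, n in suppressed.most_common():
        print(f"{client}\t{n} suppressed requests")
```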