Re: SEARCH attack
Thanks much!
The rewrite solution looks good to me as well, and I'll add to my config
shortly!
Thanks again,
Robert
----- Original Message -----
From: "mimo" <mimo@restoel.net>
To: "Robert Cates" <robert@kormar.de>
Cc: <debian-isp@lists.debian.org>
Sent: Monday, June 07, 2004 2:36 PM
Subject: Re: SEARCH attack
> Hi
>
> I have noticed the same here -- have a look at this
>
>
http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en
>
> I liked the rewrite solution to throw it to ms... ;)
>
> Michael
>
> Robert Cates wrote:
>
> >Hi,
> >
> >I hoping somebody can both fill me in on what this SEARCH is all about,
and
> >what I can/should do to stop it:
> >
> >Every so often I find a very long request in my Apache access logs that
> >seems to be an attempted SEARCH ("SEARCH /\x90\x02\xb1\x02\xb1\x02\
...").
> >
> >1). Is this a security problem (on a Linux server)?
> >
> >2). If so, how can I stop this? I tried to stop it using a <Limit
SEARCH>,
> >but a configtest told me that "SEARCH" was an undefined or unknown
method.
> >I placed the <Limit SEARCH> within the <Directory /> container as well as
> >out on it's own in the config file.
> >
> >3). Is this a Windows platform issue?
> >
> >4). If so, how can I stop these attempts from filling up my access logs.
> >
> >All info is greatly appreciated!
> >
> >Thanks,
> >Robert
> >
> >
> >
> >
> >
>
>
> --
> Please note that this account is being filtered using anti UCE systems. If
you send email to this account make sure that it could not be mistaken as
UCE.
>
>
Reply to: