[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SEARCH attack

Just be aware that it's actual mod_alias rather than mod_rewrite lines in that extract, so the first line should be

 <IfModule mod_alias.c>

Of course, it will only break due to the error if you don't have mod_rewrite loaded.

On Jun 7, 2004, at 11:58 AM, Robert Cates wrote:

Thanks much!

The rewrite solution looks good to me as well, and I'll add to my config

Thanks again,

----- Original Message -----
From: "mimo" <mimo@restoel.net>
To: "Robert Cates" <robert@kormar.de>
Cc: <debian-isp@lists.debian.org>
Sent: Monday, June 07, 2004 2:36 PM
Subject: Re: SEARCH attack


I have noticed the same here -- have a look at this forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/ %5Cx90%5Cx02&hl=en

I liked the rewrite solution to throw it to ms... ;)


Robert Cates wrote:


I hoping somebody can both fill me in on what this SEARCH is all about,
what I can/should do to stop it:

Every so often I find a very long request in my Apache access logs that
seems to be an attempted SEARCH ("SEARCH /\x90\x02\xb1\x02\xb1\x02\

1).  Is this a security problem (on a Linux server)?

2).  If so, how can I stop this?  I tried to stop it using a <Limit
but a configtest told me that "SEARCH" was an undefined or unknown
I placed the <Limit SEARCH> within the <Directory /> container as well as
out on it's own in the config file.

3).  Is this a Windows platform issue?

4). If so, how can I stop these attempts from filling up my access logs.

All info is greatly appreciated!


Please note that this account is being filtered using anti UCE systems. If
you send email to this account make sure that it could not be mistaken as

To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: