Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What HTTP exploit?

  • From: Suresh Ramasubramanian
  • Date: Sun May 30 21:21:20 2004

Richard Welty [30/05/04 19:57 -0400]:
> # control logging
> SetEnvIf Request_URI "^/default.ida?" dontlog
> SetEnvIf Request_Method "SEARCH" dontlog

Nathan Torkington's vermicide helps - (needs mod_perl)

	srs


# this goes into your httpd.conf file
#
# the push_handlers line below prevents logging of worm requests
# remove that line if you want to know who's been contacting you

<Perl>
{
  package Apache::Vermicide;
  use Apache::Constants qw(:common :response);
  sub handler {
    my $r = shift;

    if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i) {
        $r->push_handlers(PerlLogHandler => sub { return BAD_REQUEST });
        return BAD_REQUEST;
    }
    return DECLINED;
  }
}
</Perl>
PerlPostReadRequestHandler Apache::Vermicide




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.