| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 159610784 Willie Wong <wwong@×××××××××.EDU> wrote: |
| 5 |
> On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked: |
| 6 |
>> I was wondering if anyone has some easy to do tips for checking the |
| 7 |
>> security of Apache. I am running Apache/2.0.55. Is apache good with |
| 8 |
>> handling bad URL's? I remember with an IIS server I use to have I |
| 9 |
>> needed to install a url filter to help it out. I noticed that I get |
| 10 |
>> requests like the following in my apache log: |
| 11 |
>> |
| 12 |
>> 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH |
| 13 |
>> /\x90\xc9\xc9\xc9\xc9\xc9\ |
| 14 |
>> |
| 15 |
>> The above is one line and it is 30,000 characters long in the log file. |
| 16 |
>> |
| 17 |
> |
| 18 |
> Near the end of that line should be the HTTP return code Apache gave |
| 19 |
> for that request. What is it? |
| 20 |
> |
| 21 |
> On my box it always returns 414 (Request-URI too long), so I doubt it |
| 22 |
> would be a problem, beyond a major annoyance when going through the |
| 23 |
> logs with 'less'. |
| 24 |
> |
| 25 |
> A URI string like that is almost certainly a client trying to exploit |
| 26 |
> a buffer overflow. I've never seen it being a problem with my |
| 27 |
> (limited) experience running apache. |
| 28 |
> |
| 29 |
> HTH, |
| 30 |
> |
| 31 |
> W |
| 32 |
|
| 33 |
I have not see it be a problem either, Apache returned the same code for |
| 34 |
me. I noticed it because I get "errors" from webalizer like: |
| 35 |
|
| 36 |
Error: Skipping oversized log record |
| 37 |
|
| 38 |
It is not a big deal. I just wanted to make sure I have apache locked |
| 39 |
down OK. |
| 40 |
|
| 41 |
The long entries look like someone trying to hack into IIS with requests |
| 42 |
for exe files. |
| 43 |
|
| 44 |
Thanks for the info, |
| 45 |
|
| 46 |
Jim |
| 47 |
-----BEGIN PGP SIGNATURE----- |
| 48 |
Version: GnuPG v1.4.2.2 (GNU/Linux) |
| 49 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 50 |
|
| 51 |
iD8DBQFEExSdeqJ5Vbm4CxYRAqgdAJ0YYDqFV8cAtf6IXGEOLMjuTLAH4QCcDyE4 |
| 52 |
/F0PCKAW/x6OB5O6foHYA6A= |
| 53 |
=ukRJ |
| 54 |
-----END PGP SIGNATURE----- |
| 55 |
-- |
| 56 |
gentoo-user@g.o mailing list |
Archives