1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 159610784 Willie Wong <wwong@×××××××××.EDU> wrote: |
5 |
> On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked: |
6 |
>> I was wondering if anyone has some easy to do tips for checking the |
7 |
>> security of Apache. I am running Apache/2.0.55. Is apache good with |
8 |
>> handling bad URL's? I remember with an IIS server I use to have I |
9 |
>> needed to install a url filter to help it out. I noticed that I get |
10 |
>> requests like the following in my apache log: |
11 |
>> |
12 |
>> 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH |
13 |
>> /\x90\xc9\xc9\xc9\xc9\xc9\ |
14 |
>> |
15 |
>> The above is one line and it is 30,000 characters long in the log file. |
16 |
>> |
17 |
> |
18 |
> Near the end of that line should be the HTTP return code Apache gave |
19 |
> for that request. What is it? |
20 |
> |
21 |
> On my box it always returns 414 (Request-URI too long), so I doubt it |
22 |
> would be a problem, beyond a major annoyance when going through the |
23 |
> logs with 'less'. |
24 |
> |
25 |
> A URI string like that is almost certainly a client trying to exploit |
26 |
> a buffer overflow. I've never seen it being a problem with my |
27 |
> (limited) experience running apache. |
28 |
> |
29 |
> HTH, |
30 |
> |
31 |
> W |
32 |
|
33 |
I have not see it be a problem either, Apache returned the same code for |
34 |
me. I noticed it because I get "errors" from webalizer like: |
35 |
|
36 |
Error: Skipping oversized log record |
37 |
|
38 |
It is not a big deal. I just wanted to make sure I have apache locked |
39 |
down OK. |
40 |
|
41 |
The long entries look like someone trying to hack into IIS with requests |
42 |
for exe files. |
43 |
|
44 |
Thanks for the info, |
45 |
|
46 |
Jim |
47 |
-----BEGIN PGP SIGNATURE----- |
48 |
Version: GnuPG v1.4.2.2 (GNU/Linux) |
49 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
50 |
|
51 |
iD8DBQFEExSdeqJ5Vbm4CxYRAqgdAJ0YYDqFV8cAtf6IXGEOLMjuTLAH4QCcDyE4 |
52 |
/F0PCKAW/x6OB5O6foHYA6A= |
53 |
=ukRJ |
54 |
-----END PGP SIGNATURE----- |
55 |
-- |
56 |
gentoo-user@g.o mailing list |