Gentoo Archives: gentoo-user

From: Willie Wong <wwong@×××××××××.EDU>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Apache security tips
Date: Sat, 11 Mar 2006 05:06:24
Message-Id: 20060311050001.GA7548@princeton.edu
In Reply to: [gentoo-user] Apache security tips by Jim
1 On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked:
2 > I was wondering if anyone has some easy to do tips for checking the
3 > security of Apache. I am running Apache/2.0.55. Is apache good with
4 > handling bad URL's? I remember with an IIS server I use to have I
5 > needed to install a url filter to help it out. I noticed that I get
6 > requests like the following in my apache log:
7 >
8 > 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH
9 > /\x90\xc9\xc9\xc9\xc9\xc9\
10 >
11 > The above is one line and it is 30,000 characters long in the log file.
12 >
13
14 Near the end of that line should be the HTTP return code Apache gave
15 for that request. What is it?
16
17 On my box it always returns 414 (Request-URI too long), so I doubt it
18 would be a problem, beyond a major annoyance when going through the
19 logs with 'less'.
20
21 A URI string like that is almost certainly a client trying to exploit
22 a buffer overflow. I've never seen it being a problem with my
23 (limited) experience running apache.
24
25 HTH,
26
27 W
28 --
29 You're not paranoid.
30 The world _IS_ fucked.
31 Sortir en Pantoufles: up 118 days, 21:18
32 --
33 gentoo-user@g.o mailing list

Replies

Subject Author
Re: [gentoo-user] Apache security tips "Michael Stewart (vericgar)" <vericgar@g.o>
Re: [gentoo-user] Apache security tips Jim <Jim@×××××××××××××××××.org>