1 |
On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked: |
2 |
> I was wondering if anyone has some easy to do tips for checking the |
3 |
> security of Apache. I am running Apache/2.0.55. Is apache good with |
4 |
> handling bad URL's? I remember with an IIS server I use to have I |
5 |
> needed to install a url filter to help it out. I noticed that I get |
6 |
> requests like the following in my apache log: |
7 |
> |
8 |
> 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH |
9 |
> /\x90\xc9\xc9\xc9\xc9\xc9\ |
10 |
> |
11 |
> The above is one line and it is 30,000 characters long in the log file. |
12 |
> |
13 |
|
14 |
Near the end of that line should be the HTTP return code Apache gave |
15 |
for that request. What is it? |
16 |
|
17 |
On my box it always returns 414 (Request-URI too long), so I doubt it |
18 |
would be a problem, beyond a major annoyance when going through the |
19 |
logs with 'less'. |
20 |
|
21 |
A URI string like that is almost certainly a client trying to exploit |
22 |
a buffer overflow. I've never seen it being a problem with my |
23 |
(limited) experience running apache. |
24 |
|
25 |
HTH, |
26 |
|
27 |
W |
28 |
-- |
29 |
You're not paranoid. |
30 |
The world _IS_ fucked. |
31 |
Sortir en Pantoufles: up 118 days, 21:18 |
32 |
-- |
33 |
gentoo-user@g.o mailing list |