Gentoo Archives: gentoo-user

From:	"Michael Stewart (vericgar)" <vericgar@g.o>
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] Apache security tips
Date:	Sat, 11 Mar 2006 07:31:34
Message-Id:	`44127BE0.6050206@gentoo.org`
In Reply to:	Re: [gentoo-user] Apache security tips by Willie Wong

1	Willie Wong wrote:
2	> On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked:
3	>
4	>>I was wondering if anyone has some easy to do tips for checking the
5	>>security of Apache. I am running Apache/2.0.55. Is apache good with
6	>>handling bad URL's? I remember with an IIS server I use to have I
7	>>needed to install a url filter to help it out. I noticed that I get
8	>>requests like the following in my apache log:
9	>>
10	>>70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH
11	>>/\x90\xc9\xc9\xc9\xc9\xc9\
12	>>
13	>>The above is one line and it is 30,000 characters long in the log file.
14	>>
15
16	You may want to look into mod_security for apache as well. IIRC it is
17	designed to protect from such attacks.
18
19
20	--
21	Michael Stewart vericgar@g.o
22	Gentoo Developer http://dev.gentoo.org/~vericgar
23
24	GnuPG Key ID 0x08614788 available on http://pgp.mit.edu
25	--

File name	MIME type
signature.asc	application/pgp-signature

Subject	Author
Re: [gentoo-user] Apache security tips	Jim <Jim@×××××××××××××××××.org>