1 |
Willie Wong wrote: |
2 |
> On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked: |
3 |
> |
4 |
>>I was wondering if anyone has some easy to do tips for checking the |
5 |
>>security of Apache. I am running Apache/2.0.55. Is apache good with |
6 |
>>handling bad URL's? I remember with an IIS server I use to have I |
7 |
>>needed to install a url filter to help it out. I noticed that I get |
8 |
>>requests like the following in my apache log: |
9 |
>> |
10 |
>>70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH |
11 |
>>/\x90\xc9\xc9\xc9\xc9\xc9\ |
12 |
>> |
13 |
>>The above is one line and it is 30,000 characters long in the log file. |
14 |
>> |
15 |
|
16 |
You may want to look into mod_security for apache as well. IIRC it is |
17 |
designed to protect from such attacks. |
18 |
|
19 |
|
20 |
-- |
21 |
Michael Stewart vericgar@g.o |
22 |
Gentoo Developer http://dev.gentoo.org/~vericgar |
23 |
|
24 |
GnuPG Key ID 0x08614788 available on http://pgp.mit.edu |
25 |
-- |