Karl Chen wrote:
>
> What about the NOOP idea? If the connection could be reliably
> detected to be coming from [EMAIL PROTECTED], would there still be
> a risk of an attack going unnoticed?
>
> It seems reasonable to elide those messages by default, or at
> least write them to a different log file. I'd say the risk of a
> real attack getting drowned in noise is currently higher than a
> kernel that allows spoofing TCP connections from localhost.
> Apache could also look at the srcport to check that it's coming
> from the httpd process+user. And it could create a nonce at
> startup and only elide messages with the proper nonce. Lots of
> ways to authenticate yourself to yourself :)

Karl - you can pretty easily toggle requests with mod_log_custom and either mod_setenvif or mod_rewrite to not appear in the log; I'll leave that as an exercise to the reader (or efficient Google user).
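
One way to set up the conditional logging described in the reply, as an added example that is not part of the original thread. It uses mod_setenvif together with the `CustomLog` directive's `env=` condition, and follows Karl's suggestion of writing the messages to a different log file rather than dropping them. The variable name `internal_conn`, the log file names, and the assumption that the connections in question arrive from the loopback address are illustrative.

```apache
# Added example; variable and file names are illustrative.
LogFormat "%h %l %u %t \"%r\" %>s %b" common

# Tag requests whose source address is loopback.
# Assumption: the server's own connections arrive from 127.0.0.1 or ::1.
SetEnvIf Remote_Addr "^127\.0\.0\.1$" internal_conn
SetEnvIf Remote_Addr "^::1$"          internal_conn

# Main access log: everything that is NOT tagged.
CustomLog logs/access_log common env=!internal_conn

# Tagged requests go to a separate file instead of being discarded,
# so loopback traffic stays reviewable.
CustomLog logs/internal_log common env=internal_conn
```

A source-address match covers every local process that connects over loopback, not only httpd itself, which is why this version keeps the tagged entries in their own file.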