One way is to use some sort of packet scrubbing method: either iptables on the webserver or firewall, queueing all web traffic to snort-iptables (http://w3.cablespeed.com/~rvmcmil/), or hogwash (http://hogwash.sourceforge.net/). Both of these methods use snort-based rules, so you can easily update it to filter new web attacks when they appear. If you use snort-iptables you should compile with the "--enable-flexresp" option and add "resp: rst_rcv;" to the rules so that sessions that are filtered are closed properly with your webserver.

On Mon, 2002-01-28 at 09:49, Brian Clifton wrote:
> Dear All
>
> Is there a way to stop apache responding to .exe file requests altogether?
>
> I am getting fed up with my error_log file being filled by Nimda and we don't host any .exe files!! I have been monitoring it since the summer and the number of Nimda-type entries appears to have started to go up again since Xmas...
>
> Any thoughts greatly appreciated...
>
> Thanks in advance, Brian
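
The rule change described in the reply above, as an added example that is not part of the original thread: a local Snort rule that matches any requested URI containing ".exe" (the case from the question, where the site hosts no .exe files) and carries the "resp: rst_rcv;" option. The variables $EXTERNAL_NET and $HTTP_SERVERS are assumed to be defined in snort.conf, and the msg text and SID are constructed for illustration.

```snort
# Constructed local rule; requires Snort built with --enable-flexresp,
# otherwise the resp option is not available.
#
# uricontent + nocase : match ".exe" anywhere in the normalized request URI,
#                       regardless of case (.EXE, .Exe, ...)
# flow                : only client-to-server data on an established session
# resp:rst_rcv        : send a TCP RST to the receiving socket (the web
#                       server), so the filtered session is torn down there
#                       instead of lingering until it times out
# sid                 : 1000000 and above is the range for local rules
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 ( \
    msg:"LOCAL request for .exe file on a site hosting none"; \
    flow:to_server,established; \
    uricontent:".exe"; nocase; \
    resp:rst_rcv; \
    classtype:web-application-attack; \
    sid:1000001; rev:1;)
```

This rule is only appropriate where no legitimate URL on the server contains ".exe"; otherwise narrow the uricontent match before enabling the reset.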