On Tue, Jan 29, 2002 at 01:26:24AM +0100, Jens Benecke wrote:
| On Mon, Jan 28, 2002 at 09:49:51AM -0000, Brian Clifton wrote:
| > Dear All
| >
| > Is there a way to stop apache responding to .exe file requests
| > altogether?
| >
| > I am getting fed up with my error_log file being filled by Nimda and we
| > don't host any .exe files!! I have been monitoring it since the summer
| > and the number of Nimda type entries appears to have started to go up
| > again since xmas...
| >
| > Any thoughts greatly appreciated...
|
| Customize this and put it in your crontab, every hour or so.
|

Hi,

I like your way of adding netfilter rules based on the apache logfiles.
However, it might be interesting to make them in "realtime": I use the
following configuration to flush the logfile lines related to .exe files:

1_ in httpd.conf:

TransferLog "|/opt/www/admin/logfilter/logfilter.py >> /var/log/apache/access.log"

And the script (logfilter.py) itself is attached. It could be adapted to
call iptables.

I have just one comment about your method. Imagine that the request comes
from a NATed host: you would block all the subsequent HTTP requests from
this site, which might be quite big. I'm not sure it's such a good idea,
which is why I am content with just removing these lines from my apache
files.

I have read of another method which consists in using a squid proxy in
http accel mode to check for such requests and block them. That way your
apache is not bothered.

Vincent.
-- 
 .~.    Vincent Haverlant -- Galadril -- #ICQ: 35695155
 /V\    MUD -- FranDUMII (telnet:frandum.enst.fr:2001)
/( )\   Parinux (www.parinux.org)
^^-^^   "There is no system but GNU, and Linux is one of its kernels"
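
A piped-log filter of the kind described in the message above, as an added example: it is not the logfilter.py attached to the original post, which is not part of this page. The function names and sample log lines are constructed, and it assumes Common Log Format lines on stdin.

```python
#!/usr/bin/env python3
"""Piped-log filter: drop access-log lines whose request path ends in .exe."""
import re
import sys
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target [PROTOCOL]".
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+)(?: HTTP/[\d.]+)?"')

def is_exe_request(line):
    """True if the requested path (query string excluded) ends in .exe."""
    m = REQUEST_RE.search(line)
    if m is None:
        return False  # unparseable line: keep it rather than lose evidence
    path = m.group("target").split("?", 1)[0]
    for _ in range(3):  # bounded decoding catches %2E and double-encoded %252E
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower().endswith(".exe")

def filter_lines(lines):
    """Yield only the lines that should reach the access log."""
    return (line for line in lines if not is_exe_request(line))

# Constructed sample input (documentation addresses, made-up sizes).
SAMPLE = [
    '192.0.2.10 - - [29/Jan/2002:01:20:01 +0100] "GET /index.html HTTP/1.0" 200 1043\n',
    '192.0.2.77 - - [29/Jan/2002:01:20:03 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276\n',
    '192.0.2.77 - - [29/Jan/2002:01:20:04 +0100] "GET /d/winnt/system32/cmd%2Eexe?/c+dir HTTP/1.0" 404 290\n',
    '192.0.2.10 - - [29/Jan/2002:01:20:09 +0100] "GET /download?file=setup.exe HTTP/1.0" 200 512\n',
]

def main():
    for line in filter_lines(sys.stdin):
        sys.stdout.write(line)
        sys.stdout.flush()  # Apache holds the pipe open; never sit on a line

if __name__ == "__main__":
    main()
```

Only the path is tested, so the fourth sample line (where ".exe" appears in the query string of a legitimate request) is kept.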