Hi,

As discussed somewhere in this list, filtering apache with the string match will leave not only these logs but lots of open connections. I mean:

client starts connection to server
server syn-ack's to client
client ack's to server
-- connection established --
client issues first packet with HTTP request, that never gets to the server because of the string match
==> server gets waiting, and makes those logs.

There is a thread called "apache and nimda" AFAIR... You can use twhttpd to secure your webserver, look for it in freshmeat.

Hope it helps,
Diego.

> after adding
> $IPTABLES -A INPUT -i eth0 -p tcp -d $IP --dport http -m string --string ".exe?/c+tftp" -j DROP
> $IPTABLES -A INPUT -i eth0 -p tcp -d $IP --dport http -m string --string "/default.ida?" -j DROP
>
> to my rc.firewall script i get a lot of
>
> 24.29.116.XX - - [08/Feb/2002:15:56:19 -0300] - 408 -
>
> in my apache logs , how could i modify my iptables script or my
> httpd.conf in order to have a clean log?

--
Perhaps the best characteristic of this distribution I have heard is this: If you need help with your Linux box, find a Slackware user. He is more likely to fix the problem than a user familiar with any other distribution.
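Added example, not part of the original message: a small Python model of the sequence described in the reply, showing why a string-match DROP applied after the handshake leaves the server waiting until it logs a 408. The function names, the 0.2 second timeout, the simplified log format (no timestamp), the 200 status for the delivered request and the sample requests and addresses are assumptions made for illustration; only the two match strings come from the quoted rules.

```python
import socket

# Patterns taken from the quoted iptables rules.
DROP_STRINGS = [b".exe?/c+tftp", b"/default.ida?"]
REQUEST_TIMEOUT = 0.2  # assumed short stand-in for the server's request timeout


def string_match_drops(payload):
    """Model of '-m string ... -j DROP': True if the packet would be dropped."""
    return any(s in payload for s in DROP_STRINGS)


def server_log_entry(conn, client_ip):
    """Server side of an already established connection; returns its log line."""
    conn.settimeout(REQUEST_TIMEOUT)
    try:
        data = conn.recv(4096)
    except socket.timeout:
        # Nothing arrived before the timeout: the 408 entry with no request.
        return f"{client_ip} - - - 408 -"
    if not data:
        return None  # peer closed without sending; not modelled further
    request_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    return f'{client_ip} - - "{request_line}" 200 -'


def simulate(client_ip, request):
    """One connection: handshake done, then the request packet meets the filter."""
    # socketpair() stands in for the completed SYN / SYN-ACK / ACK exchange.
    client, server = socket.socketpair()
    try:
        if not string_match_drops(request):
            client.sendall(request)  # packet passes the filter
        # else: packet is silently dropped, the server never sees it
        return server_log_entry(server, client_ip)
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    # Constructed sample requests and documentation-range addresses.
    print(simulate("192.0.2.10", b"GET /index.html HTTP/1.0\r\n\r\n"))
    print(simulate("192.0.2.20", b"GET /default.ida?XXXX HTTP/1.0\r\n\r\n"))
```

In the model, as in the reply, the filter acts only on the packet that carries the request, so the server already holds an established connection and has to wait out its timeout before it can log anything.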