On Mon, Feb 18, 2002 at 03:02:44PM -0300, Dark0 wrote:
> after adding
>
> $IPTABLES -A INPUT -i eth0 -p tcp -d $IP --dport http -m string --string ".exe?/c+tftp" -j DROP
> $IPTABLES -A INPUT -i eth0 -p tcp -d $IP --dport http -m string --string "/default.ida?" -j DROP
>
> to my rc.firewall script I get a lot of
>
> 24.29.116.XX - - [08/Feb/2002:15:56:19 -0300] - 408 -
>
> in my Apache logs. How could I modify my iptables script or my httpd.conf in order to have a clean log?
I don't think you can do it with iptables. Apache gets the connect (and you can't filter that out, because netfilter doesn't know to filter yet; it can't know until they send the request), and then gets the connection dropped, so you'll have to change the way Apache logs.

If you decide to do it in Apache, it would probably be better to not use netfilter at all, and just let Apache not log the requests.

I don't know too much about Apache, so I can't help you there, but someone else will probably be able to :)

-- 
Zinx Verituse
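The 408 lines in the question are what Apache writes when the TCP handshake completes but no request line ever arrives before the timeout (the string match only fires on the packet carrying the request, by which point Apache has already accepted the connection). One defensive way to get a clean log without touching httpd.conf is to post-process the access log, separating those empty 408 entries from real traffic while keeping a count per source host so they are not lost entirely. The following is an added example, not code from the thread; the log lines are constructed (the 24.29.116.XX host in the original is replaced by a made-up 24.29.116.11), and it assumes the common log format shown in the question, where a missing request line is logged as a bare `-` rather than a quoted string.

```python
import re
import sys
from collections import Counter

# Apache common log format (CLF). When a client sends no request line before
# the timeout, Apache writes a bare "-" for %r instead of a quoted request,
# which is why the 408 lines on the list look like:
#   24.29.116.XX - - [08/Feb/2002:15:56:19 -0300] - 408 -
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'(?:"(?P<request>[^"]*)"|-) (?P<status>\d{3}|-) (?P<bytes>\d+|-)$'
)


def parse_clf(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return {
        "host": m.group("host"),
        "time": m.group("time"),
        "request": m.group("request"),  # None when Apache logged a bare "-"
        "status": None if m.group("status") == "-" else int(m.group("status")),
        "bytes": None if m.group("bytes") == "-" else int(m.group("bytes")),
    }


def is_empty_timeout(entry):
    """408 with no request line: the connection opened but no request arrived.

    A 408 that still carries a request line (a genuinely slow client) is kept,
    since that is real traffic worth seeing.
    """
    return entry["status"] == 408 and entry["request"] is None


def clean_log(lines):
    """Return (kept_lines, Counter of hosts that produced empty 408 timeouts)."""
    kept = []
    timeouts = Counter()
    for line in lines:
        entry = parse_clf(line)
        if entry is None:
            kept.append(line)  # never silently discard lines we cannot parse
            continue
        if is_empty_timeout(entry):
            timeouts[entry["host"]] += 1
        else:
            kept.append(line)
    return kept, timeouts


# Constructed sample log: two empty 408s from one host (the pattern in the
# question), two ordinary requests, and one 408 that did carry a request line.
SAMPLE_LOG = [
    '24.29.116.11 - - [08/Feb/2002:15:56:19 -0300] - 408 -',
    '10.0.0.5 - - [08/Feb/2002:15:57:02 -0300] "GET /index.html HTTP/1.0" 200 1043',
    '24.29.116.11 - - [08/Feb/2002:15:58:40 -0300] - 408 -',
    '192.0.2.9 - - [08/Feb/2002:16:01:11 -0300] "GET /missing HTTP/1.1" 404 209',
    '192.0.2.9 - - [08/Feb/2002:16:02:30 -0300] "POST /form HTTP/1.1" 408 -',
]


if __name__ == "__main__":
    # Usage: python clean_log.py < access_log > access_log.clean
    # Falls back to the constructed sample when stdin is a terminal.
    source = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read().splitlines()
    kept, timeouts = clean_log(source)
    sys.stdout.write("\n".join(kept) + "\n")
    for host, n in timeouts.most_common():
        sys.stderr.write(f"{host}: {n} empty 408 timeout(s) dropped\n")
```

Running it over the sample keeps three lines (including the 408 that had a request line) and reports two empty timeouts from 24.29.116.11. The per-host count is the part worth keeping: a host that repeatedly opens connections and never sends a request is exactly what the string-match rules are dropping, so the summary on stderr preserves that signal even though the noise leaves the main log.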