From: "William A. Rowe, Jr." <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 2:21 PM
> Please posit your suggestion to [EMAIL PROTECTED] where the authors can consider
> it, especially in the context of Apache 2.0.
Sorry, meant to reply back to security@ ... since this is here, let me condense the
guts of the suggestion...
----- Original Message -----
From: "rudy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 1:35 PM
Subject: Missing "Addhandler FOD `cat list` " problem
>
> hi:
>
> I'm currently undergoing a weird denial of service attack in which a large
> number of PCs (218 at last count) are sending me kiddie scripted buffer overflow
> attacks aimed at IIS admin scripts. [I know, read on, please!].
>
> ... should be harmless except that they tie up bandwidth and the Apache server
> apache needs a new handler. The effect of:
>
> < AddHandler FOD
> default.ida
> _vti_inf.html
> _vti_bin/shtml.exe/_vti_rpc >
>
> would be that a request to GET or POST anything on the list would return
> absolutely nothing. I.e. the server would write the log msg but appear totally
> dead to the requestor.
I expect this should be simple to do so using the new filtering schema, we've done
similar bogus things by accedent in developing the new server filter model :)
Any takers?
Bill
