Re: [users@httpd] Strange access.log entry...

2016-07-08 Thread Spork Schivago
I'll be sure to keep you in the loop Red-Tail Books. If I were to take a guess, I'd guess that hex value is the key to fully understanding this. Wish I knew more about exploits and stuff. I remember similar things like that when I was a kid and used to play around with stuff like Metasploit. A

Re: [users@httpd] Strange access.log entry...

2016-07-08 Thread Red-Tail Books
Wow Ken, thanks for the thorough research. I just did a whois and figured it wasn't an attack. But being a complete rookie (no experience with Linux or servers prior to creating a droplet on DO 2 weeks ago) I was curious to not see any request prefix (GET|POST|CONNECT...etc...) and then I saw

Re: [users@httpd] Strange access.log entry...

2016-07-08 Thread Spork Schivago
Okay Red-Tail Books, I got more information for you! This is the latest response I got: "The malware is installed via a range of vulnerabilities including social engineering. This scan is really testing for the malware's rendezvous protocol for command and control. As a rule, we have been

Re: [users@httpd] Strange access.log entry...

2016-07-08 Thread Spork Schivago
I contacted one of the people involved with CESR and I have received a response. This is what they say: "Yes, this is a scan from our group. It is not in fact looking for a vulnerability, but for a very specific infection. The scan is harmless, but there is a very rare and stealthy piece of

[users@httpd] Fwd: apache 2.2 troubleshooting

2016-07-08 Thread Erik Dobák
Hi, sorry that I posted it here. After some time I realised that the reverse proxy is IHS IBM HTTP Server and not pure Apache httpd. Anyway, I post my findings here. After switching from mem caching to disk caching the issue disappeared. E -- Forwarded message -- From: Erik

Re: [users@httpd] Strange access.log entry...

2016-07-08 Thread Spork Schivago
I think I can shed a little light on this. I believe it has something to do with exploits / vulnerabilities. I'm not sure what the hex values are, but I'm guessing that's part of the exploit. I've tried searching for it but couldn't find anything. Maybe the query is confusing the search

[users@httpd] Strange access.log entry...

2016-07-08 Thread Red-Tail Books
Saw this in my access.log this morning...
169.229.3.91 - - [08/Jul/2016:05:44:24 -0700] "^\x05A\xea\xa1\xfa\xbe\x15" 200 11434 "-" "-"
Can someone more knowledgeable explain what the "request" was and why it was successful? And what 11k of data did Apache serve? Thanks, dave

Re: [users@httpd] Implement request white list in Apache

2016-07-08 Thread Joice Joseph
Thanks Rich Bowen and Marat Khalili for the quick and usable reply. On Fri, Jul 8, 2016 at 2:53 PM, Rich Bowen wrote: > Well, yes, you could do it with mod_rewrite. You could also presumably use > a proxypassmatch as part of your tomcat setup if the whitelist is simple >

Re: [users@httpd] Implement request white list in Apache

2016-07-08 Thread Rich Bowen
Well, yes, you could do it with mod_rewrite. You could also presumably use a proxypassmatch as part of your tomcat setup if the whitelist is simple enough to express it as one regex. I expect, though, that mod_security will give you the biggest ! for your $ in a nontrivial scenario. On Jul 8, 2016

Re: [users@httpd] Implement request white list in Apache

2016-07-08 Thread Marat Khalili
You can do this with mod_rewrite:
RewriteCond %{REQUEST_URI} !^allowed_url_1$
RewriteCond %{REQUEST_URI} !^allowed_url_2$
...
RewriteCond %{REQUEST_URI} !^allowed_url_N$
RewriteRule .* - [F,L]
-- With Best Regards, Marat Khalili
On 08/07/16 13:53, Joice Joseph wrote:

Re: [users@httpd] Implement request white list in Apache

2016-07-08 Thread Rich Bowen
You're looking for mod_security On Jul 8, 2016 06:54, "Joice Joseph" wrote: > Hi All, > > Can someone help me to make the Apache in such a way that It will block > all the request filter by default and process only those specified requests > to tomcat server. > > -- >

[users@httpd] Implement request white list in Apache

2016-07-08 Thread Joice Joseph
Hi All, Can someone help me to make the Apache in such a way that It will block all the request filter by default and process only those specified requests to tomcat server. -- Cheers *Joice Joseph*