Basically do one of these: 1) ignore the code red lines 2) read up on mod_rewrite and write a couple of filters. documentation is at the www.apache.org site
> -----Original Message----- > From: Laura [mailto:[EMAIL PROTECTED]] > Sent: den 13 juni 2002 15:35 > To: Tomcat Users List > Subject: Re: Security - Attack > > > Hi all, > > thanks for your help. What do you suggest me to do? > > Whe you say :"So it makes some sense to change the configuration > for apache", what do you mean? > > Laura > > > > ----- Original Message ----- > From: "Ralph Einfeldt" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Thursday, June 13, 2002 3:22 PM > Subject: AW: Security - Attack > > > I wouldn't say that they do no harm: > > - They mess up your statistics > If you don't change your configuration it's not > possible to distinguish the 404 from the viruses > from others that might indicated errors in your > site. (I always get nervous if a server has a > 'file not found' count > 0) > - They (sometimes) kill your log file space > In high noon of nimda and code red, those viruses > produced serveral megabytes on logfiles for each > site we are hosting. > So it makes some sense to change the configuration > for apache. > > > -----Urspr�ngliche Nachricht----- > > Von: Tim Funk [mailto:[EMAIL PROTECTED]] > > Gesendet: Donnerstag, 13. Juni 2002 15:04 > > An: Tomcat Users List > > Betreff: Re: Security - Attack > > > > > > Warning: this may start flame war - but its my opinion. > > > > What is the purpose of detecting and trying to prevent these > > attacks? If > > someone code reds (or similar) you - they get a 404 error. > > Why waste the > > extra processing power and extra config maintenance on > > something that > > does "no harm". When the next type of attack comes out - should the > > config be changed to address that? Its a waste of time. > > > > -Tim > > > > Jim Urban wrote: > > >>create a bunch of mod_rewrite filters (in httpd.conf - for > > Apache) that > > > > > > redirects > > > > > >>all those requests to www.microsoft.com > > > > > > Can you provide an example? > > > > > > Jim > > > > > > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
