Re: [mod-security-users] WebDAV Search Filter
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iv...@we...> - 2004-09-19 17:44:14
|
David Cary Hart wrote: > (BTW, ModSec is a marvelous bit of code with great potential) Thanks. What other features would you like to see in it? > How do I stop these? The converted snort rule (SecFilter "SEARCH " > log,pass) doesn't seem to work. You can't stop them using mod_security since Apache rejects such requests before they reach mod_security. Some future version may include functionality to install "early" filters. > BTW, could someone explain what these are? The following is abbreviated. > This actually adds 30kb of crap to access_log. > > 68.109.42.191 - - [18/Sep/2004:04:41:34 -0400] "SEARCH > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 Such requests are always responded to with a 414 error code. So what you can do is not log the request line in that case. Like this: LogFormat "%!414r" no414 CustomLog logs/access_log no414 -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |