Re: [mod-security-users] How to filter this?
From: Ivan R. <iv...@we...> - 2004-10-31 11:00:31
sam wun wrote:
> Hi,
>
> Recently my website received a lot of buffer overflow attacks with the
> following content:
> 1.2.3.4 - - [25/Oct/2004:10:05:34 +0800] "SEARCH
> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
> 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
>
> x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 ....
> ...
>
>
> The apache has plugins mod_security and mod_filter compiled with.
> How can I implement rules to filter the above attack?

You can't, at least not with mod_security, because Apache responds to
the request before mod_security gets to see it.

You can try with mod_rewrite (I haven't so I don't know if it would
work) or you can use custom logging to remove such things from
your logs. See here for more details:

http://sourceforge.net/mailarchive/forum.php?thread_id=5595944&forum_id=33492

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
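One way to do the log-side filtering the reply mentions, as an added example that is not part of the original message or of ModSecurity: a filter that reads access-log lines in the format of the quoted entry and drops `SEARCH` requests whose URI is a long run of `\xhh` escapes, while counting them per client. The function names, the threshold and the sample lines are assumptions made for illustration.

```python
import re
import sys
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*)" (\d{3}) (\S+)')
# Non-printable request bytes appear in the quoted log line as \xhh escapes.
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')
MIN_ESCAPES = 16  # assumed threshold; tune against your own traffic

def probe_source(line):
    """Return the client address if line is a SEARCH request whose URI
    carries at least MIN_ESCAPES escaped bytes, else None."""
    m = CLF.match(line)
    if not m:
        return None  # unparseable lines are kept, never silently dropped
    method, _, rest = m.group(2).partition(" ")
    if method != "SEARCH" or len(ESCAPED_BYTE.findall(rest)) < MIN_ESCAPES:
        return None
    return m.group(1)

def filter_log(lines):
    """Return (lines to keep, Counter of suppressed probes per client)."""
    kept, suppressed = [], Counter()
    for line in lines:
        host = probe_source(line)
        if host is None:
            kept.append(line)
        else:
            suppressed[host] += 1
    return kept, suppressed

# Constructed sample lines (documentation addresses, made-up status and sizes).
SAMPLE = [
    '192.0.2.10 - - [25/Oct/2004:10:05:34 +0800] "SEARCH /\\x90'
    + '\\x02\\xb1' * 40 + '" 414 340',
    '192.0.2.11 - - [25/Oct/2004:10:06:01 +0800] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.12 - - [25/Oct/2004:10:06:09 +0800] "SEARCH /docs HTTP/1.1" 405 312',
]

if __name__ == "__main__":
    # Stream stdin to stdout, dropping probe lines (usable as a log pipe).
    for raw in sys.stdin:
        if probe_source(raw) is None:
            sys.stdout.write(raw)
            sys.stdout.flush()
```

Keeping the per-client count from `filter_log` rather than discarding the lines outright preserves a record of how often each source sent the probe.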