mod-security-users

[David F. <Da...@me...>]

Hi,

Without using mod_security I have found a method that works for the
SEARCH attacks - perhaps it is useful to people, even if not using
mod_security.

In the top level of httpd.conf add

SetEnvIfNoCase Request_METHOD "^SEARCH" dontlog

Use the following (on one line) to do the logging:

CustomLog "|/usr/local/apache/bin/rotatelogs
/usr/local/apache/logs/access_log 15M" combined env=!dontlog

It would be better the disable to SEARCH method as well, but at least
with these lines the access log files don't get too big. The error log
still records a single line saying:

request failed: URI too long (longer than 8190)

so you can still tell what is going on.

Cheers,

David.
-- 
---------------------------------------
Email david at megapico dot co dot uk
---------------------------------------