Date: Sat, 27 Mar 2004 09:28:12 -0600 From: "Jack L. Stone" <jacks@sage-american.com> To: freebsd-questions@freebsd.org Subject: Very long URL with malice intended Message-ID: <3.0.5.32.20040327092812.01f49a10@10.0.0.15>
next in thread | raw e-mail | index | archive | help
Am running FBSD-4.8 with Apache/1.3.26 I posted this question first on the Apache.org list, but no reply. Thought I would try here even though slightly offtopic. Within the past couple of weeks, the Apache logs have shown a new type of intrusion -- a very, very long URL request -- that finally receives a error 414. I don't know the purpose of this one, but doesn't appear well-intended. It comes late at night and from different IPs. One request even used one of my own IPs. So, the firewall won't help -- nor server deny. My question is what syntax can I add, if any, to my httpd.conf to redirect such requests..?? Here's a very small (about 1-5%) snippet of the nasty URL: 65.35.186.74 - - [26/Mar/2004:19:01:04 -0600] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 .... and on and on.... Any suggestions on a way to stop these much appreciated. Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com jacks@sage-american.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.20040327092812.01f49a10>