> Hi all, > I (and many others) use the following for getting virus attacks into attack_log >instead of access_log: > > # configuration to direct logging of virus attacks to separate log > # make sure you comment out your old CustomLog directive! > # for more information refer to /manual/mod/mod_setenvif.html > > SetEnvIfNoCase Request_URI "default\.ida?|root\.|cmd\.exe" is_attack
The URI string for a real attack is significantly longer than this. Bill
