Günter Knauf wrote:
>
> Hi all,
> I (and many others) use the following for getting virus attacks into attack_log instead of access_log:
>
> # configuration to direct logging of virus attacks to separate log
> # make sure you comment out your old CustomLog directive!
> # for more information refer to /manual/mod/mod_setenvif.html
>
> SetEnvIfNoCase Request_URI "default\.ida?|root\.|cmd\.exe" is_attack
>
> CustomLog logs/access_log common env=!is_attack
> CustomLog logs/attack_log common env=is_attack
>
> this works fine when I test from browser, but when the virus tries to access default.ida it is still logged in the access_log. The only difference you can see in the log is that the virus access is with HTTP/1.0 while my access from browser is with HTTP/1.1;
> now my question:
> is it possible that this is the reason why the above config doesn't work as I expect??
>
> Guenter.

Escape the question mark. That might help.

--
Jerry Baker
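
An added example, not part of either message in the thread: the script below routes constructed request lines to attack_log or access_log using the original pattern and the same pattern with the question mark escaped. Python's `re` module stands in for Apache's regex engine, `route` and `table` are hypothetical helper names, and each pattern is tested both against the path alone and against the path with its query string, because what escaping changes depends on which of the two the pattern is matched against.

```python
import re

# Patterns from the thread: the original, and the same with the "?" escaped.
ORIGINAL = r"default\.ida?|root\.|cmd\.exe"
ESCAPED = r"default\.ida\?|root\.|cmd\.exe"

# Constructed request lines (not real log data); the query string is shortened.
REQUESTS = [
    "GET /default.ida?NNNNNNNN HTTP/1.0",
    "GET /default.ida?NNNNNNNN HTTP/1.1",
    "GET /default.ida HTTP/1.1",
    "GET /scripts/root.exe HTTP/1.0",
    "GET /scripts/cmd.exe HTTP/1.0",
    "GET /index.html HTTP/1.1",
]


def route(request_line, pattern, include_query):
    """Return 'attack_log' or 'access_log' for one request line.

    include_query selects whether the pattern is tested against the full
    request target or only the path before the first "?".
    """
    method, target, protocol = request_line.split(" ", 2)
    subject = target if include_query else target.split("?", 1)[0]
    # re.IGNORECASE mirrors the NoCase part of SetEnvIfNoCase.
    hit = re.search(pattern, subject, re.IGNORECASE)
    return "attack_log" if hit else "access_log"


def table(pattern, include_query):
    """Route every constructed request with the given pattern."""
    return [route(r, pattern, include_query) for r in REQUESTS]


if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("escaped", ESCAPED)):
        for include_query in (False, True):
            print(name, "with query" if include_query else "path only")
            for req, dest in zip(REQUESTS, table(pat, include_query)):
                print(f"  {dest:10}  {req}")
```

In this model the HTTP/1.0 and HTTP/1.1 requests always route the same way, since the pattern is tested against the URI only. The unescaped `a?` makes the final `a` optional, so the original pattern also matches `/default.id`.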
