On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked:
> I was wondering if anyone has some easy to do tips for checking the
> security of Apache. I am running Apache/2.0.55. Is Apache good with
> handling bad URLs? I remember with an IIS server I used to have I
> needed to install a URL filter to help it out. I noticed that I get
> requests like the following in my Apache log:
>
> 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH
> /\x90\xc9\xc9\xc9\xc9\xc9\
>
> The above is one line and it is 30,000 characters long in the log file.
>

Near the end of that line should be the HTTP return code Apache gave for
that request. What is it? On my box it always returns 414 (Request-URI too
long), so I doubt it would be a problem, beyond a major annoyance when going
through the logs with 'less'.

A URI string like that is almost certainly a client trying to exploit a
buffer overflow. I've never seen it being a problem with my (limited)
experience running Apache.

HTH,
W
-- 
You're not paranoid. The world _IS_ fucked.
Sortir en Pantoufles: up 118 days, 21:18
-- 
gentoo-user@gentoo.org mailing list
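
Added example, not part of the original thread: a small log triage script for the check described in the reply above. It lists over-long request lines together with the status Apache returned and separates those answered with 414 from the rest. It assumes the common/combined access log format; the function names, the `min_len` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Common/combined log format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)')

def find_oversized(lines, min_len=2000):
    """Return one record per request whose logged request line is >= min_len chars.

    min_len is an arbitrary triage threshold (an assumption), measured on the
    logged text, where Apache writes non-printable bytes as \\xhh escapes.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        host, when, request, status, _size = m.groups()
        if len(request) < min_len:
            continue
        hits.append({
            "line": n,
            "host": host,
            "time": when,
            "method": request.split(" ", 1)[0][:16],
            "length": len(request),
            "status": int(status),
            "escaped_bytes": request.count("\\x"),
        })
    return hits

def summarize(hits):
    """Count oversized requests per status; anything other than 414 needs a look."""
    by_status = Counter(h["status"] for h in hits)
    review = [h for h in hits if h["status"] != 414]
    return by_status, review

# Constructed sample lines (not from a real log); addresses are documentation ranges.
SAMPLE = [
    '192.0.2.10 - - [07/Mar/2006:21:31:05 -0500] "SEARCH /\\x90' + "\\xc9" * 7000 + '" 414 334',
    '192.0.2.11 - - [07/Mar/2006:21:32:10 -0500] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [07/Mar/2006:21:40:00 -0500] "GET /' + "A" * 3000 + ' HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    by_status, review = summarize(find_oversized(SAMPLE))
    print("oversized requests by status:", dict(by_status))
    for h in review:
        print("review: line %(line)d from %(host)s, %(length)d chars, status %(status)d" % h)
```

To run it against a real log, pass an open file object to `find_oversized` in place of `SAMPLE`.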