-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 159610784 Willie Wong <[EMAIL PROTECTED]> wrote: > On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked: >> I was wondering if anyone has some easy to do tips for checking the >> security of Apache. I am running Apache/2.0.55. Is apache good with >> handling bad URL's? I remember with an IIS server I use to have I >> needed to install a url filter to help it out. I noticed that I get >> requests like the following in my apache log: >> >> 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH >> /\x90\xc9\xc9\xc9\xc9\xc9\ >> >> The above is one line and it is 30,000 characters long in the log file. >> > > Near the end of that line should be the HTTP return code Apache gave > for that request. What is it? > > On my box it always returns 414 (Request-URI too long), so I doubt it > would be a problem, beyond a major annoyance when going through the > logs with 'less'. > > A URI string like that is almost certainly a client trying to exploit > a buffer overflow. I've never seen it being a problem with my > (limited) experience running apache. > > HTH, > > W
I have not see it be a problem either, Apache returned the same code for me. I noticed it because I get "errors" from webalizer like: Error: Skipping oversized log record It is not a big deal. I just wanted to make sure I have apache locked down OK. The long entries look like someone trying to hack into IIS with requests for exe files. Thanks for the info, Jim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEExSdeqJ5Vbm4CxYRAqgdAJ0YYDqFV8cAtf6IXGEOLMjuTLAH4QCcDyE4 /F0PCKAW/x6OB5O6foHYA6A= =ukRJ -----END PGP SIGNATURE----- -- gentoo-user@gentoo.org mailing list
