My apache log files show that I'm getting two or more of those long url attacks every day, and access_log grows to over 4Mb in just a week, in spite of the fact that there are less than ten valid accesses in any particular day.
How about configuring Apache to disregard (and not log) any URL longer than a predefined length?
The default settings are correct for rejecting the long URLs, and reporting the attempts is correct behavior. Handling the large logs is a time tax on using inherently incomplete technology.
Also, what are "those long url attacks", I haven't heard of them.
See Daniel Staal's post. Fortunately, our Mac OS X boxes are at present somewhat immune to the code insertions anyway, because the code is almost always x86 code. Part of the purpose of wanting to compress out the bulk of the long url is to make it easier to tell if/when we start getting powerPC code insertion attempts.
--
Joel Rees
Complaining about systems that are incomplete misses the point.
In this world, a system can't be perfect and useful at the same time.
Of course, that's no excuse to refuse to fix problems --
we'll never run out of problems.
