Re: [gentoo-user] Apache security tips

2006-03-11 Thread Jim

On 159610784 Willie Wong [EMAIL PROTECTED] wrote:
> On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked:
> > I was wondering if anyone has some easy-to-do tips for checking the
> > security of Apache.  I am running Apache/2.0.55.  Is Apache good with
> > handling bad URLs?  I remember with an IIS server I used to have, I
> > needed to install a URL filter to help it out.  I noticed that I get
> > requests like the following in my Apache log:
> >
> > 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] SEARCH
> > /\x90\xc9\xc9\xc9\xc9\xc9\
> >
> > The above is one line and it is 30,000 characters long in the log file.
>
> Near the end of that line should be the HTTP return code Apache gave
> for that request. What is it?
>
> On my box it always returns 414 (Request-URI too long), so I doubt it
> would be a problem, beyond a major annoyance when going through the
> logs with 'less'.
>
> A URI string like that is almost certainly a client trying to exploit
> a buffer overflow. I've never seen it being a problem with my
> (limited) experience running Apache.
>
> HTH,
>
> W

I have not seen it be a problem either; Apache returned the same code for
me.  I noticed it because I get errors from webalizer like:

Error: Skipping oversized log record

It is not a big deal.  I just wanted to make sure I have apache locked
down OK.

The long entries look like someone trying to hack into IIS with requests
for exe files.

Thanks for the info,

Jim
-- 
gentoo-user@gentoo.org mailing list
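
Added example, not part of the original thread: a triage script for the situation discussed above. It reads the status code from the end of each access-log line and lists oversized requests, marking any that were not answered with 414. It assumes Common Log Format with a quoted request field; the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumes Common Log Format: host ident user [time] "request" status bytes
HEAD = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TAIL = re.compile(r'" (\d{3}) (\S+)\s*$')   # status sits at the END of the line

def parse_line(line):
    """Parse one log line from both ends so a huge request cannot confuse it."""
    head, tail = HEAD.match(line), TAIL.search(line)
    if not head or not tail or tail.start() < head.end():
        return None
    request = line[head.end():tail.start()]
    return {"ip": head.group(1), "time": head.group(2),
            "method": request.split(" ", 1)[0], "length": len(request),
            "status": int(tail.group(1)), "preview": request[:40]}

def oversized_requests(lines, threshold=8190):
    """Return parsed records whose logged request exceeds `threshold` chars.

    8190 is Apache's default LimitRequestLine. Escaped bytes (\\xNN) take four
    characters in the log, so logged length overstates the raw byte count.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["length"] > threshold:
            rec["rejected"] = rec["status"] == 414   # Request-URI too long
            hits.append(rec)
    return hits

# Constructed sample lines (documentation addresses, not from a real log)
PAYLOAD = "/\\x90" + "\\xc9" * 7500
SAMPLE = [
    '192.0.2.10 - - [07/Mar/2006:21:30:00 -0500] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.77 - - [07/Mar/2006:21:31:05 -0500] "SEARCH %s" 414 334' % PAYLOAD,
    '192.0.2.77 - - [07/Mar/2006:21:31:09 -0500] "SEARCH %s" 200 512' % PAYLOAD,
]

if __name__ == "__main__":
    hits = oversized_requests(SAMPLE)
    for h in hits:
        verdict = "rejected" if h["rejected"] else "NOT rejected, review"
        print(f'{h["ip"]} {h["time"]} {h["method"]} len={h["length"]} '
              f'status={h["status"]} ({verdict}) {h["preview"]}...')
    print("by source:", dict(Counter(h["ip"] for h in hits)))
```

The 40-character preview keeps the output readable in a pager, which a 30,000-character log line is not.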



Re: [gentoo-user] Apache security tips

2006-03-11 Thread Jim

On 159600160 Michael Stewart (vericgar) [EMAIL PROTECTED] wrote:
> You may want to look into mod_security for apache as well. IIRC it is
> designed to protect from such attacks.

Thanks for the tip.  I will give mod_security a try.

Jim



Re: [gentoo-user] Apache security tips

2006-03-10 Thread Willie Wong
On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked:
> I was wondering if anyone has some easy-to-do tips for checking the
> security of Apache.  I am running Apache/2.0.55.  Is Apache good with
> handling bad URLs?  I remember with an IIS server I used to have, I
> needed to install a URL filter to help it out.  I noticed that I get
> requests like the following in my Apache log:
>
> 70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] SEARCH
> /\x90\xc9\xc9\xc9\xc9\xc9\
>
> The above is one line and it is 30,000 characters long in the log file.

Near the end of that line should be the HTTP return code Apache gave
for that request. What is it? 

On my box it always returns 414 (Request-URI too long), so I doubt it
would be a problem, beyond a major annoyance when going through the
logs with 'less'. 

A URI string like that is almost certainly a client trying to exploit
a buffer overflow. I've never seen it being a problem with my
(limited) experience running apache. 

HTH,

W
-- 
You're not paranoid.
The world _IS_ fucked.
Sortir en Pantoufles: up 118 days, 21:18