I have doubts that the viruses will follow the redirect.
I prefer to to answer with a 400/403/406 (still will be logged)
or 204 (No log entry).
I also have doubts that this is legal, so be carefull what you do.
-Ursprüngliche Nachricht-
Von: Cato, Christopher [mailto:[EMAIL
On which level did you implement this ?
- apache/iis configuration
- tomcat configuration
- tomcat filter/valve
Or where else ?
-Ursprüngliche Nachricht-
Von: Jean Christophe Rousseau
[mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 13. Juni 2002 14:21
An: Tomcat Users List
Blocking the IP can be a dangerous thing:
- If there are several people behind a proxy, you will
disable all.
- If the attacking pc has a provider wih dynamic IP's
it dousn't help at all, it will just diable all
user users that get this IP in the future.
- It makes you vulnerable to dos
it's my home system, so I don't care if some one I don't know gets
blocked. For production system it would be better to just filter as some
one else said earlier. I run both tomcat and orion, so neither are
vulnerable, but I rather not clean up logs every week because of stupid
IIS exploits.
I wouldn't say that they do no harm:
- They mess up your statistics
If you don't change your configuration it's not
possible to distinguish the 404 from the viruses
from others that might indicated errors in your
site. (I always get nervous if a server has a
'file not found' count 0)
