I wouldn't say that they do no harm: - They mess up your statistics If you don't change your configuration it's not possible to distinguish the 404 from the viruses from others that might indicated errors in your site. (I always get nervous if a server has a 'file not found' count > 0) - They (sometimes) kill your log file space In high noon of nimda and code red, those viruses produced serveral megabytes on logfiles for each site we are hosting. So it makes some sense to change the configuration for apache.
> -----Ursprüngliche Nachricht----- > Von: Tim Funk [mailto:[EMAIL PROTECTED]] > Gesendet: Donnerstag, 13. Juni 2002 15:04 > An: Tomcat Users List > Betreff: Re: Security - Attack > > > Warning: this may start flame war - but its my opinion. > > What is the purpose of detecting and trying to prevent these > attacks? If > someone code reds (or similar) you - they get a 404 error. > Why waste the > extra processing power and extra config maintenance on > something that > does "no harm". When the next type of attack comes out - should the > config be changed to address that? Its a waste of time. > > -Tim > > Jim Urban wrote: > >>create a bunch of mod_rewrite filters (in httpd.conf - for > Apache) that > > > > redirects > > > >>all those requests to www.microsoft.com > > > > Can you provide an example? > > > > Jim > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>