Our Apache httpd.conf is configured to include these lines for blocking requests from a list of IP addresses without logging them — in this order and mixed with other lines — yet some such requests are logged anyway:

    CustomLog logs/access_log combined env=!DontLogIt
    <VirtualHost *:80>
    RewriteMap ipb "prg:/some-path/ip-block/filter"
    RewriteCond ${ipb:%{REMOTE_ADDR}/%{HTTP_HOST}} X
    RewriteRule ^ - [F,L,E=DontLogIt]

That ip-block/filter program writes to stdout, for each case of request data Apache sends to its stdin, whether the request IP address is on a block list, and this configuration successfully blocks almost all the requests from those IP addresses — without logging them.

However, some requests, such as the following, remain logged by Apache even when they are from IP addresses in the block list, and regardless of whether we have LogLevel set to info or warn:

    /file%3a/////etc%2fpasswd%00
    /%0d%0aSet-Cookie:crlfinjection=1;
    /cgi-bin.%2e/.%2e/.%2e/.%2e/bin/sh
    //%2f..=%5c..=%5c..=%5cetc%5cpasswd%00

Why is that happening, and what can we do to prevent logging of those requests too, when they arrive from a blocked IP address?

Sincerely Yours
Tony Olekshy
apache@xxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
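
The stdin/stdout exchange the post describes for the ip-block/filter map program, as an added example that is not the poster's filter or code from the original message: one key per line in the form REMOTE_ADDR/HTTP_HOST, one answer line back. The block-list entries are constructed, "X" is taken from the RewriteCond pattern in the post, and "NULL" is mod_rewrite's documented no-match reply for prg: maps.

```python
#!/usr/bin/env python3
"""Hypothetical block-list filter for RewriteMap "prg:..." (added example)."""
import ipaddress
import sys

# Constructed sample block list using documentation ranges (an assumption,
# not data from the original post).
BLOCKED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("203.0.113.7/32"),
    ipaddress.ip_network("2001:db8::/32"),
]


def lookup(key):
    """Map one 'REMOTE_ADDR/HTTP_HOST' key to 'X' (blocked) or 'NULL'."""
    # The address never contains '/', so split on the first one only; the
    # Host header is client-controlled and may contain anything.
    addr_text = key.strip().split("/", 1)[0]
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        # Malformed key: answer "no match" instead of crashing, because a
        # prg: map that stops answering stalls the requests waiting on it.
        return "NULL"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is checked as IPv4.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    for net in BLOCKED_NETWORKS:
        if net.version == addr.version and addr in net:
            return "X"
    return "NULL"


def main():
    # mod_rewrite writes one key per line and waits for exactly one line
    # back, so each answer must be flushed before reading the next key.
    for line in sys.stdin:
        sys.stdout.write(lookup(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```
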