> However, some requests, such as the following, remain logged by > Apache even when they are from IP addresses in the block list, > and regardless of whether we have LogLevel set to info or warn: > > /file%3a/////etc%2fpasswd%00 > /%0d%0aSet-Cookie:crlfinjection=1; > /cgi-bin.%2e/.%2e/.%2e/.%2e/bin/sh > //%2f..=%5c..=%5c..=%5cetc%5cpasswd%00 Maybe they are rejected so early that mod_rewrite is skipped? A quick way to verify would be to set an environment variable in the same stanza and log it too. To resolve, you could invert the CustomLog and only log when an envvar is set. Then flip the logic in the rewrite. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|