Re: [users@httpd] Is There A Way To Disable SEARCH?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David P. Donahue wrote:
Every once in a while, my access log gets flooded with massive byte arrays following a SEARCH command, the intent of which I can only assume is to hit some exploit that some other server has (or had). Is there a way I can set Apache to just ignore all SEARCH commands (all I really need is GET and POST)? Just trying to keep my logs from getting flooded with garbage data. Thanks.


Regards,
David P. Donahue
ddonahue@xxxxxxxxxxx


David -

SEARCH is not a valid method, per RFC 2616 (HTTP/1.1). It's safe to ignore such garbage, as the only thing it will do is eat a bit of bandwidth and a small sum of logs. I've seen a few modules that can protect against this sort of activity, but all they do is block the IP from making any requests against the web server.

Hope that helps
-dant


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux