David P. Donahue wrote:
Every once in a while, my access log gets flooded with massive byte arrays following a SEARCH command, the intent of which I can only assume is to hit some exploit that some other server has (or had). Is there a way I can set Apache to just ignore all SEARCH commands (all I really need is GET and POST)? Just trying to keep my logs from getting flooded with garbage data. Thanks.Regards, David P. Donahue ddonahue@xxxxxxxxxxx
David -SEARCH is not a valid method, per RFC 2616 (HTTP/1.1). It's safe to ignore such garbage, as the only thing it will do is eat a bit of bandwidth and a small sum of logs. I've seen a few modules that can protect against this sort of activity, but all they do is block the IP from making any requests against the web server.
Hope that helps -dant --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|