On 4/29/05, Jack Stone <antennex@xxxxxxxxxxx> wrote: > Hello, > > I have this in my httpd.conf (apache-ver-1.3x on FBSD) > RedirectMatch ^.*\.(dll|ida)*$ http://127.0.0.1/$1 > > I have been using the redirect above, but I've noticed it doesn't catch the > numerous annoying requests below: > > "GET > /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a > HTTP/1.0" 302 639 "-" "-" > > How may I modify my Redirect to catch the above? I know it's just a matter > of better regex, but I need to exercise care out of my ignorance. In fact, it does seem to be catching the request. Notice the "302" status code which indicates a redirect. Overall, you're wasting your time. Worms *do not* follow redirects. The best a redirect could do is keep this request out of your error log. But good admins want to see this information in their error log. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|