Sean Conner wrote:
[2] Actually, I do know of some, but they're the software programs that are currently trying to break in through an insecure webserver or CGI scripts. You can check your web logfiles and see plenty of those happening. If any of those requests are 200, then there's a hole.
As often as not, those 200 often mean the server managed to respond with some sane answer, while those that ARE NEVER LOGGED manged to segfault the server during their processing. A new httpd module, mod_log_forensic, is ment to catch exactly this behavior, it logs a request -before it's processed- and then at the end writes a corresponding completed entry. Take the started entries, modulo all completed requests, and you find out any requests which occured and never finished. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|