Re: rejecting non GET/POST methods


 



Thanks for the feedback Joshua.

I would still see any attacks by the number of
connections in netstat (which I do monitor). But as
you point out, there is still certainly some
justification to continue logging rejected requests. 
If I can use the conditional logging to write rejected
requests to a separate log file, that would be a good
compromise.

Thanks for the tips, I'll check out the conditional
logging.

Best Regards,
Rob


--- Joshua Slive <joshua@xxxxxxxx> wrote:

> On Sun, Apr 27, 2008 at 7:43 AM, Robert Montgomery <mogtnomr@xxxxxxxxx> wrote:
> > Is there a way to tell apache to completely ignore
> >  certain methods, ie, PROPFIND, CCM_POST, CONNECT,
> >  OPTIONS, etc. (and NOT write those requests to the
> >  log files either!)
> >
> >  I've tried LIMIT & LIMIT EXCEPT directives, but I'm
> >  not sure if they are working (I still see those
> >  requests being logged).
> >
> >  Also, are there any methods other than GET/POST that I
> >  should also consider allowing?  We do nothing fancy,
> >  just typical websites on LAMP platforms, so I know of
> >  no need for any methods other than GET/POST.
> 
> No, you can't completely ignore HTTP requests. Apache has to do
> something with them.
> 
> Yes, you can reject those requests using something like
> <LimitExcept GET POST>
> Order allow,deny
> Deny from all
> </LimitExcept>
> 
> But be careful where you place this block, since it will override any
> other access controls.
> 
> Yes, you can prevent these requests from being logged using
> conditional logging:
> http://httpd.apache.org/docs/2.2/logs.html#conditional
> But you shouldn't do that. You'll never know if you are being attacked
> or if there are some problems with your site involving other methods.
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
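
The compromise discussed in this thread (reject everything except GET/POST, but keep a record of the rejected requests in a separate log file), as an added example that is not part of either message. It uses Apache 2.2 syntax to match the documentation link above; the log file names, the `allowed_method` variable name and the directory path are assumptions.

```apache
# Added example, not from the thread. Paths and variable name are assumed.

# Tag requests whose method is one the site actually serves.
# HEAD is included because <Limit>/<LimitExcept> treat HEAD as GET,
# so the block below lets HEAD through as well.
SetEnvIf Request_Method "^(GET|HEAD|POST)$" allowed_method

# Normal traffic goes to the main access log only.
CustomLog logs/access_log combined env=allowed_method

# Every other method (PROPFIND, CONNECT, OPTIONS, ...) is still logged,
# but to its own file so it can be reviewed or alerted on separately.
CustomLog logs/rejected_methods_log combined env=!allowed_method

# Reject the other methods. Scope this to the content directory rather
# than placing it where it would override other access controls.
<Directory "/var/www/html">
    <LimitExcept GET POST>
        Order allow,deny
        Deny from all
    </LimitExcept>
</Directory>

# TRACE cannot be restricted with <Limit>/<LimitExcept>; it has its own switch.
TraceEnable off
```

The rejected requests then show up in `rejected_methods_log` with a 403 status, which keeps the main log clean without losing visibility into probing or misbehaving clients.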




