Re: Rejecting Invalid URL With a 503 Status

On 13 Jun 2008, at 09:47:43, Joshua Slive wrote:

> On Fri, Jun 13, 2008 at 12:41 PM, Merton Campbell Crockett
> <m.c.crockett@xxxxxxxxxxxxxx> wrote:
>
>> Looking at the Apache access log, it's clear that Apache is processing
>> a lot of requests from systems probing for vulnerabilities. Rather than
>> have Apache process the request, I would like to immediately reject all
>> requests with a 503, Service Unavailable, status.
>
> Can I ask: Why? Apache has to process the request one way or the other
> in order to send back an error response. What's the difference if the
> error response is a 404 or a 503?

I don't really care whether the status returned is 404, 503, or some other code as long as it does not require me to identify why the request is being rejected.

Why? Most of the requests are rejected because the file doesn't exist; however, Apache does perform some action on some requests beyond determining whether or not the file exists. I do not want Apache to perform these actions.

>> Can this be done with a series of RewriteCond statements specifying each
>> of the permitted strings followed by a RewriteRule that rejects the
>> request and terminates processing?  Is there a better way of
>> accomplishing this?
>
> Yes, you could do this with mod_rewrite, but I don't see the point.

Does your company or organization have a Security Operations Center (SOC) that does nothing but scan for potential vulnerabilities? If so, do they insist that you make changes to your Apache configuration even though the "vulnerability" doesn't exist?

Basically, I'm tired of the bullshit. I don't want to spend my life filling out forms explaining to those that haven't a clue that their "vulnerability" is a false positive. I want to configure Apache to reject all requests that cannot possibly be supported by the collaboration tool.



Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxxxx
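
The allowlist asked about above, sketched for a current Apache httpd with mod_rewrite (an added example, not part of the original thread; the path prefixes are hypothetical placeholders for whatever URLs the collaboration tool actually serves):

```apache
# Added example: reject every request whose path is not on an allowlist.
# The prefixes below are hypothetical placeholders, not taken from the thread.
RewriteEngine On

# Each condition is negated: it is true when the request path does NOT match
# one permitted string. RewriteCond lines are ANDed by default, so the rule
# fires only when the path matches none of the permitted strings.
RewriteCond %{REQUEST_URI} !^/collab/app/
RewriteCond %{REQUEST_URI} !^/collab/static/
RewriteCond %{REQUEST_URI} !=/favicon.ico

# "^" matches any path and "-" leaves the URL unchanged. A non-3xx status in
# the R flag drops the substitution and stops rewriting, returning that status.
RewriteRule ^ - [R=503,L]
```

Placed in server or virtual-host context, these rules run during URL-to-filename translation, before httpd maps the request onto the filesystem. Replacing `R=503` with `F` returns 403 Forbidden instead.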




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.