Recently we have seen some VERY LONG inputs in our 'access' log. After searching on the www, apparently there are
some 'exploits' for the WebDAV app from MS, and the script kiddies attempt to access it.
There is nothing to do on Linux servers, but the 'access' log file gets populated with these annoying inputs. We can't block
them with IPTables because the attacks are multi-IP.
Cutting writes to the log
You can trash these inputs by making some minor changes to the 'httpd.conf' file; here is the code we use:
Hope this helps someone.
Code:
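# Log format; the nickname "vhost_full" is added here so that CustomLog can refer to it.
LogFormat "%v %h (%{Client-ip}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_full
# Flag requests whose path ends in one of the usual IIS probe targets.
SetEnvIfNoCase Request_URI "cmd\.exe$" TRASH_MS
SetEnvIfNoCase Request_URI "root\.exe$" TRASH_MS
SetEnvIfNoCase Request_URI "default\.ida$" TRASH_MS
# SEARCH is the request method, not part of Request_URI, so it is matched on Request_Method.
SetEnvIf Request_Method "^SEARCH$" TRASH_MS
# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.
#CustomLog /var/log/httpd/access
# CustomLog needs a format or nickname before the env= clause; flagged requests are not written.
CustomLog /var/log/httpd/access vhost_full env=!TRASH_MS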
redesb
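
A way to check offline which requests rules like these would keep out of the log, as an added example that is not part of the original post. It models Request_URI as the decoded path only (no method, no query string); the function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# (attribute, pattern) pairs modelled on the SetEnvIf rules that set TRASH_MS.
RULES = [
    ("Request_URI", r"cmd\.exe$"),
    ("Request_URI", r"root\.exe$"),
    ("Request_URI", r"default\.ida$"),
    ("Request_Method", r"^SEARCH$"),
]

def attributes(request_line):
    """Split a raw request line into the attributes the rules test."""
    parts = request_line.split(" ", 2)
    target = parts[1] if len(parts) > 1 else ""
    # Request_URI: path component, decoded once, query string removed.
    return {"Request_Method": parts[0],
            "Request_URI": unquote(target.split("?", 1)[0])}

def is_trashed(request_line):
    """True if any rule would set TRASH_MS for this request."""
    attrs = attributes(request_line)
    return any(re.search(p, attrs[a], re.IGNORECASE) for a, p in RULES)

def uri_only_match(pattern, request_line):
    """Test a single pattern against Request_URI alone."""
    uri = attributes(request_line)["Request_URI"]
    return re.search(pattern, uri, re.IGNORECASE) is not None

def filter_log(request_lines):
    """Return the request lines that would still be written to the log."""
    return [line for line in request_lines if not is_trashed(line)]

# Constructed sample request lines, not taken from a real log.
SAMPLE = [
    "GET /scripts/root.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /default.ida?NNNNNNNN HTTP/1.0",
    "SEARCH /AAAAAAAA HTTP/1.1",
    "GET /CMD.EXE HTTP/1.0",
    "GET /index.html HTTP/1.1",
    "GET /docs/cmd.exe.txt HTTP/1.1",
]

if __name__ == "__main__":
    for line in filter_log(SAMPLE):
        print("logged:", line)
```

Because a request that sets TRASH_MS leaves no trace in the access log, running candidate patterns through a check like this first shows whether a legitimate path would be dropped along with the probes.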