Odd (alarming) http log excerpt [followup]

Colin J. Raven colin at kenmore.kozy-kabin.nl
Sat Jan 15 03:13:19 PST 2005


On Jan 14 at 10:22, Duo made this excellent suggestion:

> On Fri, 14 Jan 2005, Colin J. Raven wrote:
>
>> I noticed something extremely odd this morning in my http access log.
>> There's the usual activity, then suddenly this (about a hundred lines
>> are snipped)
>> 
>>  Is there anything within...say httpd.conf..that I could do to prevent
>> this..or curtail it before it grows to such an enormous size.
>
> Why, yes there is! For the low low price of FREE, here is something you can 
> do for fun and giggles.
>
> <IfModule mod_alias.c>
> RedirectMatch permanent (.*)cmd\.exe(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)root\.exe(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
> </IfModule>


I've googled extensively on conditional logging, but the syntax makes my 
head spin. Following Duo posting this gem yesterday, I planted the whole 
lot in my httpd.conf. This morning I had a similar occurrence of a 
WebDAV exploit which again porked out the logfile.


As a followup question to this outstanding contribution, can anyone 
suggest a way of conditional logging which does any or all of the 
following:

a) logs [simply] that a redirect in any of the above categories has 
happened

b) Suppresses the verbose output normally associated with one of the 
above conditions happening

In other words you know it happened, but just in a non-verbose way, and 
you know the redirect worked.

Regards & TIA,
-Colin
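
One way to get the terse logging asked for in (a) and (b), as an added example that is not part of the original thread: tag requests matching the redirect patterns quoted above with an environment variable, keep them out of the main access log, and write a one-line record to a separate file. It assumes mod_setenvif and mod_log_config are loaded; the variable name `probe`, the format nickname `probe_short` and both log paths are hypothetical.

```apache
# Added example. Variable name "probe", nickname "probe_short" and the
# log paths are assumptions; adjust them to the local layout.
<IfModule mod_setenvif.c>
    # Same URL patterns as the RedirectMatch rules quoted above. The value
    # stored in "probe" names the category that matched.
    SetEnvIf       Request_URI "cmd\.exe"       probe=cmd.exe
    SetEnvIf       Request_URI "root\.exe"      probe=root.exe
    SetEnvIf       Request_URI "/_vti_bin/"     probe=_vti_bin
    SetEnvIf       Request_URI "/scripts/\.\."  probe=scripts-dotdot
    SetEnvIf       Request_URI "/_mem_bin/"     probe=_mem_bin
    # Case-insensitive match covers both the msadc and MSADC rules.
    SetEnvIfNoCase Request_URI "/msadc/"        probe=msadc
    SetEnvIf       Request_URI "/[cd]/winnt/"   probe=winnt
    SetEnvIf       Request_URI "/x90/"          probe=x90
</IfModule>

# Terse record: client, time, matched category, final status.
# The request line itself is deliberately left out, so an oversized
# URL cannot bloat this file. A status of 301 confirms the redirect fired.
LogFormat "%h %t %{probe}e %>s" probe_short

# Tagged requests go only to the short log ...
CustomLog logs/probe_log probe_short env=probe

# ... and everything else goes to the normal log. This line replaces the
# existing CustomLog for the access log rather than being added beside it;
# "combined" is assumed to be the format already in use.
CustomLog logs/access_log combined env=!probe
```

Requests that do not match any of the patterns, such as a probe aimed at a path not listed above, are still logged in full in the main access log.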

