Very long URL with malice intended
Jack L. Stone
jacks at sage-american.com
Sat Mar 27 13:51:12 PST 2004
At 08:28 PM 3.27.2004 +0100, Cordula's Web wrote:
>> Within the past couple of weeks, the Apache logs have shown a new type of
>> intrusion -- a very, very long URL request -- that finally receives a error
>> 414. I don't know the purpose of this one, but doesn't appear
>> well-intended. It comes late at night and from different IPs. One request
>> even used one of my own IPs. So, the firewall won't help -- nor server
deny.
>>
>> My question is what syntax can I add, if any, to my httpd.conf to redirect
>> such requests..??
>>
>> Here's a very small (about 1-5%) snippet of the nasty URL:
>>
>> 65.35.186.74 - - [26/Mar/2004:19:01:04 -0600] "SEARCH
>>
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
>>
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
>>
2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
>>
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
>>
2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
>>
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
>> 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 .... and
>> on and on....
>
>Are only SEARCH requests affected, or GET as well?
>
The ones I've seen have all been SEARCH....
Best regards,
Jack L. Stone,
Administrator
Sage American
http://www.sage-american.com
jacks at sage-american.com
More information about the freebsd-questions
mailing list