Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

Conditional logging problem when trying to remove long SEA..

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Next:  How do threads work in Tomcat?  
Author Message
user2765

External


Since: May 01, 2004
Posts: 1



(Msg. 1) Posted: Sat May 01, 2004 6:40 pm
Post subject: Conditional logging problem when trying to remove long SEARCH(WebDAV) requests
Archived from groups: alt>apache>configuration (more info?)
Hi,

I have a problem with getting the long SEARCH requests logged
seperately. I'm using this configuration:

Code:
--------------------
SetEnvIfNoCase Request_Method "SEARCH" worm
SetEnvIf Request_URI "^/[a-zA-Z0-9 ].*" !worm
SetEnvIfNoCase Request_URI "^/$" !worm

CustomLog /var/log/apache/access_log common env=!worm
CustomLog /var/log/apache/worm_attacks "%h - %t \"Worm attack\" %>s %b" env=worm

--------------------

Now, when I telnet to the server and query for example "SEARCH /#¤%"
then it is correctly identified as a "worm attack" and when I query
"SEARCH /" it is identified as a valid request.

Ok so far so good, it seems to be working. Now then the problem is
that when the WebDAV worms come with their long SEARCH queries they
don't get recognized as worms.
So is this some kind of bug in Apache? I'm using Apache 1.3.24 on
a Linux machine.


Thanks for any help,
Daniel Bengs



--
chekov
------------------------------------------------------------------------
Posted via http://www.webservertalk.com
------------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message208541.html

 >> Stay informed about: Conditional logging problem when trying to remove long SEA.. 
Back to top
Login to vote
hans1

External


Since: Mar 29, 2004
Posts: 672



(Msg. 2) Posted: Sun May 02, 2004 4:16 am
Post subject: Re: Conditional logging problem when trying to remove long SEARCH(WebDAV) reques [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"chekov" <chekov.15ljlp RemoveThis @mail.webservertalk.com> schreef in bericht
news:chekov.15ljlp@mail.webservertalk.com...
 > Ok so far so good, it seems to be working. Now then the problem is
 > that when the WebDAV worms come with their long SEARCH queries they
 > don't get recognized as worms.
<a style='text-decoration: underline;' href="http://httpd.apache.org/docs/mod/core.html#limitrequestbody" target="_blank">http://httpd.apache.org/docs/mod/core.html#limitrequestbody</a>
One of the LimitRequest* directives setting or their defaults may make your
Apache report an _error_ before you are given a change to divert the log of
_access_.

 > So is this some kind of bug in Apache?
That depends on ones point of view...
.... in general it is not good to process an oversized
.... so reporting reciept of an incomplete request seems appropriate

HansH<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: Conditional logging problem when trying to remove long SEA.. 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Any way to remove need for FP extensions from a site - I have to upload a very large website to a RedHat8 server running Apache 2.0.x that was created using MS Frontpage and relies on webbots. It previously was hosted on an IIS server. Not supporting webbots results in drop-down menus being rendered several...

apache ssl remove certificate? - Hi, I recently made my own certificate using "make certificate". Now I bought a "real one" and already added it to the virtual host config. But everytime I restart apache, it says that there already is (obviously) a certificate. So h...

too long processes - Hello, My server is running apache 1.3 and for severals weeks some processes don't want to stop. When i send a 'top' command i have more than 18 processes running and all are httpd. moreover this processes are running during long long time and my whole....

Long domain names - Hi, I've got URLs like this one: users.mem.domain.com . I've created a virtualhost with the serveralias *.mem.domain.com . I want to map * to a seperate dir. I've tried to use mod_vhosts, but it won't see the very first part of it. And now I'm..

Long log file with Apache - Hello, I have an apache server which hosts a dozen of web sites. Each web site is configured with two files : - site1.access (which contain the <Directory>) - site1.srm (which contain the DocumentRoot) these two files let me choose the web director...
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]