apache log and access control
Chuck Hallenbeck
chuckh at hhs48.com
Tue Dec 7 05:49:19 EST 2004
I have configured apache here, and have been watching my access log
entries pretty closely, since it truly is a jungle out there. I have two
questions I hope someone might comment on.
I regularly find connections to my server from a variety of sources
attempting to do a "SEARCH" requesting an object which is shown in hex
dump notation (\x##\x## etc.) and is about 32K bytes long. Apache sends
these folks an error message, and tells me the error is "URI too long".
I am assuming that these connections are attempting some kind of
mischief and ought to be blocked from future connection attempts, is
that right? Or is this something I have not configured correctly?
My second question has to do with my efforts to deny access to these
folks. The directory access control commands contain an "Allow from all"
followed by a "Deny from bla bla bla" command, where "bla bla bla" are
the addresses I wish to block. Nowhere in the documentation I have read
is there any suggestion about continuation lines for this "Deny from"
command. I am using a backslash as the last character of lines before
the final line, so that the NL is escaped, which seems to work. Is that
the way to handle continuations, or is there a better way? such as maybe
just repeating the keywords "Deny from" as often as necessary? or
starting a continuation line without a leading space? None of these
alternatives seem to provoke a syntax error when doing a "configtest" so
I have settled on the backslash method.
I hate to clutter my log file with entries that are 32K bytes long, but
I also hate to grow my "Deny from" statement indefinitely.
I know a number of folks here have had experience with running the
apache server, and hope someone can answer these questions for me.
Thanks,
Chuck
--
The Moon is Waning Crescent (26% of Full)
"Things are in the saddle, and they ride mankind." Ralph Waldo Emerson
Personal site www.hhs48.com, Download site www.mhcable.com/~chuckh
More information about the Speakup
mailing list