apache log and access control

Janina Sajka janina at rednote.net
Tue Dec 7 08:21:20 EST 2004


Hi, Chuck:

I'll bet you might learn something interesting if you put that hex into
a Google search field and add the word apache.org. I expect it's some
script kitty probing for ancient vulnerabilities. Just a thought.

You can replicate Deny from and Allow from lines as many times as you need.
On the other hand, you may be chasing your tail adding them forever as
the kitties will just keep on a comin. Unless you're really getting your
bandwidth clobbered, why not just let apache frustrate those evildoers?

Chuck Hallenbeck writes:
> I have configured apache here, and have been watching my access log
> entries pretty closely, since it truly is a jungle out there. I have two
> questions I hope someone might comment on.
> 
> I regularly find connections to my server from a variety of sources
> attempting to do a "SEARCH" requesting an object which is shown in hex
> dump notation (\x##\x## etc.) and is about 32K bytes long. Apache sends
> these folks an error message, and tells me the error is "URI too long".
> I am assuming that these connections are attempting some kind of
> mischief and ought to be blocked from future connection attempts, is
> that right? Or is this something I have not configured correctly?
> 
> My second question has to do with my efforts to deny access to these
> folks. The directory access control commands contain an "Allow from all"
> followed by a "Deny from bla bla bla"  command, where "bla bla bla" are
> the addresses I wish to block. Nowhere in the documentation I have read
> is there any suggestion about continuation lines for this "Deny from"
> command. I am using a backslash as the last character of lines before
> the final line, so that the NL is escaped, which seems to work. Is that
> the way to handle continuations, or is there a better way? such as maybe
> just repeating the keywords "Deny from" as often as necessary? or
> starting a continuation line without a leading space? None of these
> alternatives seem to provoke a syntax error when doing a "configtest" so
> I have settled on the backslash method.
> 
> I hate to clutter my log file with entries that are 32K bytes long, but
> I also hate to grow my "Deny from" statement indefinitely.
> 
> I know a number of folks here have had experience with running the
> apache server, and hope someone can answer these questions for me.
> 
> Thanks,
> Chuck
> 
> 
> -- 
> The Moon is Waning Crescent (26% of Full)
> "Things are in the saddle, and they ride mankind." Ralph Waldo Emerson
> Personal site www.hhs48.com, Download site www.mhcable.com/~chuckh
> 

-- 
	
				Janina Sajka, Chair
				Accessibility Workgroup
				Free Standards Group (FSG)

janina at freestandards.org	Phone: +1 202.494.7040
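
An added example, not part of the original messages: a small Python script that scans Common Log Format access-log lines for the oversized SEARCH requests described above and prints one "Deny from" line per offending address, which is the repeated-directive form suggested in the reply. The sample log lines, the addresses, the function names and the "Order allow,deny" line are assumptions made for the example.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*)" (\d{3}) \S+$')

# Constructed sample lines (documentation addresses; the real request
# lines are about 32K long and are shortened here).
SAMPLE_LOG = r'''
192.0.2.10 - - [07/Dec/2004:08:01:02 -0500] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [07/Dec/2004:08:03:11 -0500] "SEARCH /\x90\x02\xb1\x02\xb1\x90\x90" 414 339
192.0.2.10 - - [07/Dec/2004:08:04:40 -0500] "GET /pics/moon.png HTTP/1.0" 200 20480
203.0.113.44 - - [07/Dec/2004:08:09:55 -0500] "SEARCH /\x90\xc9\xc9\xc9\x90\x90" 414 339
198.51.100.7 - - [07/Dec/2004:08:15:27 -0500] "SEARCH /\x90\x02\xb1\x02\xb1\x90\x90" 414 339
'''


def suspicious_clients(log_text, methods=("SEARCH",)):
    """Count, per client, requests that use a watched method and were
    either refused with 414 (URI too long) or carry \\x## escapes."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        host, request, status = m.groups()
        method = request.split(" ", 1)[0]
        if method in methods and (status == "414" or r"\x" in request):
            hits[host] += 1
    return hits


def deny_block(hits, min_hits=1):
    """Build access-control lines with one 'Deny from' per address.
    'Order allow,deny' is assumed so that Deny overrides 'Allow from all'."""
    lines = ["Order allow,deny", "Allow from all"]
    lines += [f"Deny from {h}" for h in sorted(hits) if hits[h] >= min_hits]
    return "\n".join(lines)


if __name__ == "__main__":
    found = suspicious_clients(SAMPLE_LOG)
    for host, count in found.most_common():
        print(f"# {host}: {count} oversized SEARCH request(s)")
    print(deny_block(found))
```

Raising min_hits limits the list to repeat offenders, which keeps the number of "Deny from" lines from growing with every one-off probe.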




