KarkomaOnline

If you have your Apache listening to the outside world probably you have received and seen in your logs these anoying entries regarding nimdas, redcodes and so.

As those kiddies really bother me I have made some modifications in my Apache config file.

Although there are other approaches to this problem, I find this one easy and clean.

Edit your httpd config file and add the following:

SetEnvIf Request_URI MSADC imbecil
SetEnvIf Request_URI scripts imbecil
SetEnvIf Request_URI default.ida imbecil
SetEnvIf Request_URI .exe$ imbecil
SetEnvIf Request_URI .dll$ imbecil
SetEnvIf Request_URI .dll$ imbecil
SetEnvIf Request_URI cgi-bin msadc imbecil
CustomLog /var/log/httpd/imbecil.log common env=imbecil

ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log common env=!imbecil

This will log your kiddies in imbecil.log, so you can take further measures. Bear in mind that requests behind a proxy will be masked by this proxy.

Have a good approach to this problem?

This entry was posted on Sunday, June 1st, 2003 at 11:41 pm and is filed under Apache, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.