Security Incidents mailing list archives
Apache rewrite rules and error msgs & Nimda
From: "Chris Stephens" <Security () Xymox1 com>
Date: Wed, 19 Sep 2001 20:57:58 -0700
So I am no serious Apache or Unix hack, however I was playing with RewriteRules to:

1) relieve server load on my personal server
2) NOT add to the load in access_log
3) keep my access_log from showing any of the Nimda as 200 and being included in my stats

Here is what I did, and it might be useful to others:

    RewriteCond %{THE_REQUEST} /scripts/
    RewriteRule ^.*$ - [G,L]
    RewriteCond %{THE_REQUEST} default.ida
    RewriteRule ^.*$ - [G,L]
    RewriteCond %{THE_REQUEST} cmd.exe
    RewriteRule ^.*$ - [G,L]
    RewriteCond %{THE_REQUEST} root.exe
    RewriteRule ^.*$ - [G,L]

Yes, I'm sure there is a cleaner way..

and then

    ErrorDocument 410 "

So what this does is, all the Nimda stuff goes 410 and 410 has zero bytes. My web stats see all the Nimda stuff as errors. Nimda sees every request as failed and doesn't attempt further stuff with each request as it does with the previously mentioned AliasMatch method.

I'm no expert but this seems to work well.. I sure don't use the 410 (Gone permanently) default message anywhere; I've never even seen it ever while on the net.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
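One way to check from access_log that the rules above are doing what the post describes, as an added example that is not part of the original message: it matches each request line against the same four strings and reports any probe that was answered with something other than a bodiless 410. The log format (Common Log Format), the function name audit and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# The four strings from the post's RewriteCond lines, treated as regexes the
# way mod_rewrite treats them (an unescaped "." matches any character).
PROBE = re.compile(r"/scripts/|default.ida|cmd.exe|root.exe")

# Common Log Format: host ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) (\S+)$')

def audit(lines):
    """Classify log lines: probes answered 410 with no body ("blocked"),
    probes answered any other way ("leaked"), and everything else."""
    out = {"blocked": 0, "leaked": [], "normal": 0, "unparsed": 0,
           "sources": Counter()}
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            out["unparsed"] += 1
            continue
        host, request, status, size = m.groups()
        if not PROBE.search(request):
            out["normal"] += 1
            continue
        out["sources"][host] += 1
        if status == "410" and size in ("-", "0"):
            out["blocked"] += 1
        else:
            out["leaked"].append((host, status, request))
    return out

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [19/Sep/2001:20:01:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 410 -',
    '192.0.2.10 - - [19/Sep/2001:20:01:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 410 -',
    '198.51.100.7 - - [19/Sep/2001:20:02:10 -0700] "GET /default.ida?XXXX HTTP/1.0" 200 1542',
    '203.0.113.5 - - [19/Sep/2001:20:03:00 -0700] "GET /index.html HTTP/1.0" 200 2048',
    'truncated line without a request field',
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("blocked:", report["blocked"], "normal:", report["normal"])
    for host, status, request in report["leaked"]:
        print("NOT blocked:", host, status, request)
```

A non-empty "leaked" list usually points at a virtual host or directory context where the rewrite rules are not in effect.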