[users@httpd] mod_rewrite for security...

["Andy J.M." <ap...@yourimedia.com>]

Hello.

I'm fairly new to server administration and Apache configs. I've been
following this list for a while and have seen some great help.

I'm sure some/most of you are familiar with the old buffer overrun:

"A total of 1 unidentified 'other' records logged
  SEARCH /\x90\x02\xb1\x02\....."

from logwatch or in your http access logs.

I quickly came across a cool trick yesterday about using mod_rewrite and/or
Multiviews to redirect this to --forbidden--. Unfortunately I cannot find
the information again.

What's really bothering me about it is that it's causing Webalizer to hiccup
on the logs. I know the latest release of Webalizer accounts for this
overrun... but I'm not ready to install that release or apply the fix. I'd
prefer to learn how to counter it --- just the same.

Could anyone lead me in the right direction...
What is the appropriate Apache directive to detect and redirect this? I
believe the hack is a URL request specifically - yes/no?






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org