Posted to users@httpd.apache.org by "Jack L. Stone" <ja...@sage-one.net> on 2004/03/29 17:24:31 UTC

[users@httpd] URL - 33000 Characters Length

Dear list:
The other day, I asked for help on this issue which I believed was on-topic
for this list. Since I did not get an answer, I tried the fbsd-questions
list and got one answer that seems close to a solution.

The problem: One server is being hit with a continuous 33,000 character
URLs which look like this:
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\....
on & on...

...then followed by another, and another.

One suggestion on the other list thought the following:
[...]Someone's trying a buffer overflow trick on you. The way this
technique would work is that the sender would attempt to send a request too
big for your system to handle, once it reaches the "too big" mark,
additional garbage would be sent to overwrite further, then finally a hex
request would be written to spawn a shell. I'm not too sure how to stop it
other than not placing a limit on how big of a url someone could send, or
automatically truncating anything over x amount of size.[...]

My new question on this list:
Can someone suggest the proper syntax for a directive to set a URL length
maximum?

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[users@httpd] Re: URL - 33000 Characters Length

Posted by Björn Friebel <dr...@uni.de>.
Hello,

It does not affect Unix systems ;)
It's an attack against IIS, but I do not understand why this kiddie tries it against an Apache *smile*
Take a look here:
http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf

Greetz,
Björn


"Jack L. Stone" <ja...@sage-one.net> wrote in the news post news:3.0.5.32.20040329092431.01f29380@10.0.0.10...
> Dear list:
> The other day, I asked for help on this issue which I believed was on-topic
> for this list. Since I did not get an answer, I tried the fbsd-questions
> list and got one answer that seems close to a solution.
> 
> The problem: One server is being hit with a continuous 33,000 character
> URLs which look like this:
> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\....
> on & on...
> 
> ...then followed by another, and another.
> 
> One suggestion on the other list thought the following:
> [...]Someone's trying a buffer overflow trick on you. The way this
> technique would work is that the sender would attempt to send a request too
> big for your system to handle, once it reaches the "too big" mark,
> additional garbage would be sent to overwrite further, then finally a hex
> request would be written to spawn a shell. I'm not too sure how to stop it
> other than not placing a limit on how big of a url someone could send, or
> automatically truncating anything over x amount of size.[...]
> 
> My new question on this list:
> Can someone suggest the proper syntax for a directive to set a URL length
> maximum?
> 
> Best regards,
> Jack L. Stone,
> Administrator
> 
> SageOne Net
> http://www.sage-one.net
> jackstone@sage-one.net
> 


Re: [users@httpd] URL - 33000 Characters Length

Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 29 Mar 2004, Joshua Slive wrote:

>
> On Mon, 29 Mar 2004, Jack L. Stone wrote:
> > Can someone suggest the proper syntax for a directive to set a URL length
> > maximum?
>
> See:
> http://httpd.apache.org/docs-2.0/mod/core.html#limitrequestfieldsize
>
> But you'll note it is limited by default to far less than 33000
> characters, so these requests are not going to get through to your server.

Doh.  You're actually looking for LimitRequestLine, just below that link.
Same comment applies.

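The directive Joshua ends up pointing to is LimitRequestLine; the fragment below is an added example of how it and its neighbour are written in httpd.conf, not something posted in the thread. The values shown are httpd's own defaults (8190 bytes each), so putting them in a config changes nothing until you lower them; both directives are valid only at server-config or virtual-host level, and a request line longer than LimitRequestLine is refused with 414 Request-URI Too Long before any handler or CGI sees it.

```apache
# httpd.conf (or inside a <VirtualHost>), added example, not from the thread.
# LimitRequestLine bounds the whole "GET /path HTTP/1.0" line, so it is the
# directive that caps URL length. LimitRequestFieldSize bounds each header
# line instead and does not affect the URL.
LimitRequestLine      8190
LimitRequestFieldSize 8190
```

To confirm the limit is in force, request a URL longer than the configured value and look for a 414, for example with `curl -s -o /dev/null -w '%{http_code}\n' "http://localhost/$(head -c 9000 /dev/zero | tr '\0' A)"`; with the defaults above that prints 414.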


Re: [users@httpd] URL - 33000 Characters Length

Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 29 Mar 2004, Jack L. Stone wrote:
> Can someone suggest the proper syntax for a directive to set a URL length
> maximum?

See:
http://httpd.apache.org/docs-2.0/mod/core.html#limitrequestfieldsize

But you'll note it is limited by default to far less than 33000
characters, so these requests are not going to get through to your server.

Joshua.

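To check from the access log that requests like the ones in the original post are in fact being refused at the limit rather than reaching the server, here is an added example script (my own, not from the thread or from the httpd project). It assumes a common or combined log format with the request line logged via %r, and that httpd writes non-printable bytes into the log as \xHH escapes, which is how the \x90\x02\xb1 pattern in the post would appear there. The log lines embedded in it are constructed for the demonstration, with RFC 5737 documentation addresses as clients; the 8190-byte limit is httpd's default LimitRequestLine.

```python
"""Scan an httpd access log for oversize or binary-looking request lines
and tally, per client, how many were refused with 414."""
import re
from collections import Counter

# Common Log Format prefix; the trailing referer/agent fields are ignored.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}|-) (?P<size>\S+)'
)
# httpd logs non-printable bytes as \xHH; undo that to measure the real length.
ESC_RE = re.compile(r'\\x([0-9a-fA-F]{2})')

DEFAULT_LIMIT = 8190  # httpd's default LimitRequestLine, in bytes


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def unescape(s):
    """Replace each \\xHH escape with the single character it stands for."""
    return ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), s)


def nonprintable_ratio(request):
    """Fraction of the request line that is control or high-bit bytes."""
    raw = unescape(request)
    if not raw:
        return 0.0
    bad = sum(1 for ch in raw if ord(ch) < 0x20 or ord(ch) >= 0x7f)
    return bad / len(raw)


def analyze(lines, limit=DEFAULT_LIMIT, binary_threshold=0.5):
    """Tally per client: 414 responses, request lines over `limit` bytes,
    and request lines that are mostly non-printable (NOP-sled style)."""
    rejected = Counter()
    oversize = Counter()
    binary = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, req = rec["client"], rec["request"]
        if rec["status"] == "414":
            rejected[client] += 1
        if len(unescape(req)) > limit:
            oversize[client] += 1
        if nonprintable_ratio(req) >= binary_threshold:
            binary[client] += 1
    return {"rejected_414": rejected, "oversize": oversize, "binary": binary}


# Constructed sample entries (not a real log): one client replaying the
# 33,000-byte \x90\x02\xb1... request from the thread, one normal visitor,
# and one unparsable line to show it is skipped.
SLED = "\\x90" + "\\x02\\xb1" * 16500  # 33,001 bytes once unescaped
SAMPLE_LOG = [
    f'203.0.113.5 - - [29/Mar/2004:09:24:31 -0600] "GET /{SLED} HTTP/1.0" 414 363 "-" "-"',
    f'203.0.113.5 - - [29/Mar/2004:09:24:33 -0600] "GET /{SLED} HTTP/1.0" 414 363 "-" "-"',
    '198.51.100.7 - - [29/Mar/2004:09:25:02 -0600] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/4.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for key, counter in analyze(SAMPLE_LOG).items():
        print(key, dict(counter))
```

Run it against a real log with `analyze(open("access_log"))`; a client that shows up under "oversize" or "binary" but not under "rejected_414" is one whose requests got past the request-line limit, which is the case worth looking into.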