Apache2 - mod_security
Edward Krack
ekrack at sigecom.net
Sat Feb 17 07:43:29 UTC 2007
Anyone:
Trying to block worms/virus/whatever.
Ubuntu-6.10
Apache/2.0.55 (Ubuntu) Server
mod_security installed
Everything is Default
My access.logs are showing these.
"GET / HTTP/1.0" 200 272 "-" "-"
"SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\ 414 330 "-" "-"
"POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 306 "-" "-"
I've been trying to figure out HOW-TO enable mod_security in
/etc/apache2/mods-available/mod-security.load
to
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
And what rule would I use to BLOCK the repeating SEARCH and POST?
Also, which is better? Adding the INFECTED MACHINE to hosts.deny?
apache2 : IPADDRESS : DENY
or
iptables?
iptables -I INPUT -i eth0 -s IPADDRESS -j DROP
I'm doing both.
Can I change the URI (less than 8190)?
Edward Krack
More information about the ubuntu-users
mailing list