Any hints on how to get those "SEARCH /\x90\x04H... ad infinitum" requests logged somewhere else than the access_log?

I have an /etc/apache2/sysconfig.d/bad_requests.conf with some

    SetEnvIf Request_URI "\.exe" bad_req
    ... etc

and corresponding

    CustomLog /var/log/apache2/ymmv.dk-access_log combined env=!bad_req
    CustomLog /var/log/apache2/ymmv.dk-bad_requests "%h %t \"%r\"i %>s" env=bad_req

in the virtual hosts' configs.

It works well, keeps the various nimda/code red/etc stuff out of the access_logs.

Now I'd like to extend that bad_request setup to also zap those 8190+ character requests.

AFAICT there's no real way to specify an "if Request_URI longer than X characters" clause, but it seems like it might be possible to act on the server's response (414 in this case).

The question is how?

What I would like to achieve is something like:

    normal requests   -> access_log
    normal errors     -> error_log
    bad requests      -> bad_requests
    oversize requests -> bad_requests, but without the actual request,
                         or possibly with just the first, say, 20 characters

Hints anyone?

TIA

/Jon Clausen

--
YMMV
Oh yeah, forgot to mention: Apache2 on 9.3

--
YMMV
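One way to get the routing asked for above is to do it outside Apache, in a piped-log filter; this is an added example, not part of the original post. It assumes the vhost sends combined-format lines to the script with a piped CustomLog (script name and location are hypothetical, the two log file paths are passed as arguments), and the sample lines are constructed.

```python
import re
import sys

# host ident user [time] "request" status ...; the request may hold \" and \xhh escapes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ (\[[^\]]+\]) "((?:[^"\\]|\\.)*)" (\d{3}) ')
BAD_URI_RE = re.compile(r"\.exe")  # SetEnvIf pattern from the post, applied to the request line
KEEP = 20                          # characters of an oversize request line to keep

# Constructed sample lines (documentation addresses, made-up timestamps).
SAMPLE = [
    '192.0.2.5 - - [01/Jan/2005:12:00:00 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.8 - - [01/Jan/2005:12:00:01 +0100] "GET /scripts/cmd.exe HTTP/1.0" 404 210 "-" "-"',
    '192.0.2.7 - - [01/Jan/2005:12:00:02 +0100] "SEARCH /' + r"\x90\x04H" * 900
    + '" 414 340 "-" "-"',
]


def route(line):
    """Return (destination, text) for one combined-format log line."""
    line = line.rstrip("\n")
    m = LINE_RE.match(line)
    if not m:
        return "access", line          # unparsable: keep it where it would have gone
    host, when, request, status = m.groups()
    if status == "414":                # Request-URI Too Long: keep only a short prefix
        return "bad", '%s %s "%s..." %s' % (host, when, request[:KEEP], status)
    if BAD_URI_RE.search(request):     # worm-style probes, full request kept
        return "bad", '%s %s "%s" %s' % (host, when, request, status)
    return "access", line              # everything else stays in combined format


def main(access_path, bad_path):
    """Read log lines from stdin (Apache's pipe) and append them to the two files."""
    with open(access_path, "a") as access, open(bad_path, "a") as bad:
        out = {"access": access, "bad": bad}
        for line in sys.stdin:
            dest, text = route(line)
            out[dest].write(text + "\n")
            out[dest].flush()          # keep the files current while Apache runs


if __name__ == "__main__":
    if len(sys.argv) == 3:
        main(sys.argv[1], sys.argv[2])
    else:                              # no arguments: show the routing of the samples
        for sample in SAMPLE:
            print(route(sample))
```

The prefix is cut from the escaped form Apache writes, so it can end in the middle of a \xhh sequence.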