Apache "SEARCH /\x90\ ... log garbage solution

jols

Mar 13, 2004
I found this in another forum; it seems to work, at least insofar as keeping the logs from filling with this SEARCH /\x90\ trash.

-------------------------------

After spending many hours searching the web for a way to keep my Apache logs from filling up with \x90\x90\ crap from the Micro$oft IIS exploit, I finally discovered a simple solution by just reading the Apache documentation.

Since none of the other methods I came across worked, at least for me anyway, I thought I would share this one that did.

Since this request would always return a status of 414 (request failed: URI too long), it was just a matter of editing the LogFormat directives in the httpd.conf file.


The \"%r\" in the format string is what logs the first line of the request (the "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9 etc..." garbage).

So if we change that to \"%!414r\", then when a request results in a 414 error, the first line of the request is left out of the log and just shows up as a "-".

Don't forget to restart Apache after editing and saving.

Hope this helps someone out.
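The change described in the post, written out as a config fragment. This is an added example, not part of the original post. It assumes the stock `combined` format, and the `logs/access_log` path is a placeholder for whatever your CustomLog already points at.

```apache
# Before: %r writes the first line of every request, so each oversized
# "SEARCH /\x90..." request line lands in the access log in full.
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

# After: %!414r writes the request line only when the status is NOT 414.
# For a 414 response the field is logged as "-".
LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

# %h, %t and %>s are unchanged, so every probe still leaves one short
# entry with the client address, the timestamp and the 414 status.
# Only the long request line itself is dropped.
CustomLog logs/access_log combined

# Check the syntax before restarting:
#   apachectl configtest
```

Because the status code is still recorded, the probes remain countable per client address even though their payload is no longer written to disk.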