Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Apache "SEARCH /\x90\ ... log garbage solution

Discussion in 'EasyApache' started by jols, Apr 6, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    I found this in another forum, seems to work, at least in-so-far-as keeping the logs from filling with this SEARCH /\x90\ trash.

    -------------------------------

    After spending many hours searching the web for a way to keep my apache logs from filling up with \x90\x90\ crap from the Micro$oft IIS exploit, I finally discovered a simple solution by just reading the apache documentation.

    Since none of the other methods I came across worked, at least for me anyway, I thought I would share this one that did.

    Since this request would always return a status of 414 (request failed: URI too long), It was just a matter of editing the LogFormat directives in the http.conf file.


    The \"%r\" in the format string is what logs the first line of the request ( The "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9 etc... garbage).

    So if we change that to \"%!414r\" when a request results in a 414 error, the first line of the request is left out of the log and just shows up as a "-"

    Don't forget to restart apache after editing and saving.

    Hope this helps someone out.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice