The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache "SEARCH /\x90\ ... log garbage solution

Discussion in 'EasyApache' started by jols, Apr 6, 2006.

  1. jols

    jols Well-Known Member

    Mar 13, 2004
    Likes Received:
    Trophy Points:
    I found this in another forum, seems to work, at least in-so-far-as keeping the logs from filling with this SEARCH /\x90\ trash.


    After spending many hours searching the web for a way to keep my apache logs from filling up with \x90\x90\ crap from the Micro$oft IIS exploit, I finally discovered a simple solution by just reading the apache documentation.

    Since none of the other methods I came across worked, at least for me anyway, I thought I would share this one that did.

    Since this request would always return a status of 414 (request failed: URI too long), It was just a matter of editing the LogFormat directives in the http.conf file.

    The \"%r\" in the format string is what logs the first line of the request ( The "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9 etc... garbage).

    So if we change that to \"%!414r\" when a request results in a 414 error, the first line of the request is left out of the log and just shows up as a "-"

    Don't forget to restart apache after editing and saving.

    Hope this helps someone out.

Share This Page