Topic: apache 2.2, blocking methods

ship22
Joined: 10 Jan 2014 Posts: 1 Location: USA, Pittsburgh
Posted: Fri 10 Jan '14 17:41 Post subject: apache 2.2, blocking methods

We are using a software based IDS called OSSEC. I keep getting alarms from my web servers (apache 2.2 on linux) on repeated queries to non-existent pages.
I believe they are Microsoft based facilities scanning for potential Microsoft services (which we don't have). The sources are legitimate but I want to eliminate these false alarms to avoid missing a real intrusion attempt.
This is one:
<ip masked> - - [10/Jan/2014:10:16:49 -0500] "GET / HTTP/1.1" 403 202 0/357 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; TheBlackPearl)" UtAO4QoAlg0AACTtCakAAABC
Others are "Microsoft Office Protocol Discovery" and Microsoft-WebDAV-MiniRedir queries.
These appear to be mostly "OPTIONS" methods.
In apache 2.4 there is an AllowMethods directive that will let you restrict methods to something like GET, PUT, and HEAD and thereby exclude everything else but it doesn't appear to be supported in 2.2.
Can anyone recommend a way to do this on 2.2, that will not muck up security or access to allowed content? We're using tomcat on the backend and jakarta to connect.
Thank you!

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Mon 13 Jan '14 17:21 Post subject:

Within apache 2.2 you can use Limit
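
A sketch of the `<Limit>` approach suggested above, written with `<LimitExcept>` so that it works as an allow-list. This is an added example, not configuration posted by either participant; the method list (GET, POST) and the `<Location />` scope are assumptions to adapt to the application.

```apache
# Added example for Apache 2.2 (not taken from the thread).
# The method list and the <Location /> scope are assumptions; adjust both
# to what the application behind the connector actually needs.

# <Limit> and <LimitExcept> cannot restrict TRACE; it has its own switch.
TraceEnable off

<Location />
    # Every method NOT listed here is refused with 403 Forbidden,
    # which includes OPTIONS, PROPFIND, PUT and DELETE.
    # Listing GET also covers HEAD.
    <LimitExcept GET POST>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Location>

# Apache 2.4 counterpart mentioned in the question (needs mod_allowmethods):
# <Location />
#     AllowMethods GET POST
# </Location>
```

`<Location>` is used rather than `<Directory>` because it matches on the URL, so it also applies to requests that are handed to the backend instead of being served from the filesystem.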