Apache rewrite rules and error msgs & Nimda

From: Chris Stephens (Securityat_private)
Date: Wed Sep 19 2001 - 20:57:58 PDT

    So I am no serious Apache or Unix hack; however, I was playing with RewriteRules to:
     
    1) relieve server load on my personal server
    2) NOT add to the load in access_log
    3) keep my access_log from showing any of the Nimda as 200 and being included in my stats
    
    Here is what I did, and it might be useful to others:
     
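    # mod_rewrite must be switched on for the rules below to take effect
    RewriteEngine On
    # Each pair answers 410 Gone ([G]) when the request line matches the pattern.
    # Dots are escaped so they match a literal "." rather than any character.
    RewriteCond %{THE_REQUEST} /scripts/
    RewriteRule ^.*$ - [G,L]
    RewriteCond %{THE_REQUEST} default\.ida
    RewriteRule ^.*$ - [G,L]
    RewriteCond %{THE_REQUEST} cmd\.exe
    RewriteRule ^.*$ - [G,L]
    RewriteCond %{THE_REQUEST} root\.exe
    RewriteRule ^.*$ - [G,L]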
     
    Yes, I'm sure there is a cleaner way..
     and then 
     
    ErrorDocument 410 "
     
    So what this does is, all the Nimda stuff goes 410 and 410 has zero bytes.
    My web stats see all the Nimda stuff as errors
    Nimda sees every request as failed and doesn't attempt further stuff with each request as it does with the previously mentioned AliasMatch method.
     
    I'm no expert, but this seems to work well..
     
    I sure don't use the 410 (Gone permanently) default message anywhere; I've never even seen it while on the net.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
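
A check for the outcome the post describes, as an added example that is not part of the original message: it scans access_log lines for the four patterns from the RewriteCond lines and reports any probe that was not answered with 410 and an empty body. The log lines are constructed samples in Common Log Format, and the names `audit` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Substrings from the post's four RewriteCond lines. RewriteCond matching is
# case-sensitive unless [NC] is given, so this pattern is case-sensitive too.
PROBE = re.compile(r"/scripts/|default\.ida|cmd\.exe|root\.exe")

# Common Log Format: host ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) (\S+)$')


def audit(lines):
    """Split probe requests into those answered 410 with no body and the rest."""
    result = {"blocked": 0, "leaked": [], "other": 0, "unparsed": 0}
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            result["unparsed"] += 1
            continue
        host, request, status, size = m.groups()
        if not PROBE.search(request):
            result["other"] += 1
            continue
        # %b logs "-" when no body was sent; treat "0" the same way.
        empty_body = size in ("-", "0")
        if status == "410" and empty_body:
            result["blocked"] += 1
        else:
            result["leaked"].append((host, request, int(status), size))
    return result


# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Sep/2001:20:01:02 -0700] "GET /scripts/root.exe HTTP/1.0" 410 -
192.0.2.10 - - [19/Sep/2001:20:01:03 -0700] "GET /MSADC/root.exe HTTP/1.0" 410 -
192.0.2.11 - - [19/Sep/2001:20:02:10 -0700] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 276
198.51.100.7 - - [19/Sep/2001:20:03:00 -0700] "GET /index.html HTTP/1.0" 200 1043
192.0.2.12 - - [19/Sep/2001:20:04:45 -0700] "GET /default.ida HTTP/1.0" 410 -
not a log line
""".splitlines()

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("blocked:", report["blocked"], "other:", report["other"])
    for host, request, status, size in report["leaked"]:
        print("NOT BLOCKED:", host, request, status, size)
```

A probe listed as not blocked usually means the request reached a context the rules do not cover, such as a virtual host that did not inherit the main server's rewrite configuration.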
    


