Virus Block via Apache Proxy... [W32/Nimda@MM]

Virus Block via Apache Proxy... [W32/Nimda@MM]

Post by Rainer Scher » Thu, 20 Sep 2001 17:59:19



We are using Apache Proxy...

Could this work to block URL based virus patterns?


RewriteCond %{THE_REQUEST}  \.eml$
RewriteRule .*  http://myproxy.xx.xx/error/virus-block.txt [F]  

--
--------------------------------------------------------------------
Rainer Scherg,  TDV, Bosch Rexroth AG,  http://www.boschrexroth.de

 
 
 

Virus Block via Apache Proxy... [W32/Nimda@MM]

Post by Nemesis Service » Thu, 20 Sep 2001 19:06:31


try it and see


> We are using Apache Proxy...

> Could this work to block URL based virus patterns?


> RewriteCond %{THE_REQUEST}  \.eml$
> RewriteRule .*  http://myproxy.xx.xx/error/virus-block.txt [F]

> --
> --------------------------------------------------------------------
> Rainer Scherg,  TDV, Bosch Rexroth AG,  http://www.boschrexroth.de



 
 
 

Virus Block via Apache Proxy... [W32/Nimda@MM]

Post by Mark Tayl » Thu, 20 Sep 2001 21:58:52




>We are using Apache Proxy...

>Could this work to block URL based virus patterns?


>RewriteCond %{THE_REQUEST}  \.eml$
>RewriteRule .*  http://myproxy.xx.xx/error/virus-block.txt [F]  

I'm wondering...Why would you want to block the requests?

Does it use more resources to let it write to the error log then
periodically run a cron job to clean out the crap, or to serve up a page
back to the offending machine AND write to the access log?

Just curious..

Mark
______________________________________________________________________________
Posted Via Binaries.net = SPEED+RETENTION+COMPLETION = http://www.binaries.net

 
 
 

Virus Block via Apache Proxy... [W32/Nimda@MM]

Post by Justin Erenkran » Fri, 21 Sep 2001 17:20:30



> I'm wondering...Why would you want to block the requests?

Same here.

Quote:> Does it use more resources to let it write to the error log then
> periodically run a cron job to clean out the crap, or to serve up a page
> back to the offending machine AND write to the access log?

Yup.  Just ignore it.

Justin Erenkrantz

 
 
 

1. W32.Nimda.A@mm worm causes segmentation fault in Linux Apache httpd 1.3.3

The httpd logs from the Apache httpd 1.3.3 server on Linux 5.2 show a

[Tue Sep 18 14:00:34 2001] [error] [client 64.192.139.189] File does not
exist: .../scripts/..    ~X../winnt/system32/cmd.exe
[Tue Sep 18 14:00:35 2001] [notice] httpd: child pid 11731 exit signal
Segmentation fault (11)

Presumably the process restarts and this is only a performance degradation.

Richard Kinch

2. Linux install #38....Still blinky video

3. Block Nimda accessing Apache with ipchains, save bandwidth

4. new video card

5. error: MM:mm starting apache 1.3.9

6. networking Sun and NT machines

7. A handler for the Nimda virus - download location, etc.

8. TTY relationship to users

9. Block NIMDA with Linux...?

10. First Cross platform (w32 and Linux) virus

11. block CodeRed/Nimda at the firewall?

12. Ways to block Nimda worm attacks??

13. SuSE to run W32 virus?