Stopping worms cluttering up your Apache logs

Fed up with 90% of your Apache log entries being failed requests for root.exe, cmd.exe and default.ida (caused by the Nimda worm)? Here's how to stop it: put the following in your httpd.conf:

# Ignore worms
SetEnvIf        Request_URI "/(cmd\.exe|root\.exe|default\.ida)$" DontLog
RewriteEngine   on
RewriteCond     %{REQUEST_URI}  "/(cmd\.exe|root\.exe|default\.ida)$"
RewriteRule     ^.*$    - [forbidden]

Then, on your CustomLog line, append env=!DontLog, so it looks like this:

CustomLog               /var/apache/logs/access_log common env=!DontLog

The SetEnvIf and DontLog bits stop the request showing up in your access_log, and the Rewrite bits stop the failed request showing up in your error_log, as well as returning a 403 FORBIDDEN to the requesting PC.
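To see which existing entries the pattern would suppress before you change httpd.conf, here is an added example (not part of the original post) that applies the same regular expression to access_log lines in common format. The sample lines are constructed, the function names are hypothetical, and the path handling (query string removed, percent-decoded once) only approximates how Apache derives Request_URI.

```python
import re
from urllib.parse import unquote

# Same pattern as the SetEnvIf and RewriteCond lines in the post.
WORM_RE = re.compile(r"/(cmd\.exe|root\.exe|default\.ida)$")
# Common Log Format: host ident user [time] "request" status bytes
CLF_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+$')

# Constructed sample entries (documentation addresses, made-up sizes).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2002:10:00:01 +0000] "GET /scripts/root.exe?XXXX HTTP/1.0" 404 276
192.0.2.11 - - [01/Jan/2002:10:00:02 +0000] "GET /c/winnt/system32/cmd.exe?XXXX HTTP/1.0" 404 290
192.0.2.12 - - [01/Jan/2002:10:00:03 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 270
192.0.2.13 - - [01/Jan/2002:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.14 - - [01/Jan/2002:10:00:05 +0000] "GET /downloads/setup-cmd.exe HTTP/1.1" 200 5120
192.0.2.15 - - [01/Jan/2002:10:00:06 +0000] "GET /cmd.exe/help HTTP/1.1" 404 266
"""

def request_uri(request_line):
    """Approximate Request_URI: path only, query string removed, %-decoded once."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    return unquote(parts[1].split("?", 1)[0])

def would_be_dropped(log_line):
    """True if env=!DontLog would keep this entry out of access_log."""
    m = CLF_RE.match(log_line)
    if m is None:
        return False  # not a common-format line, leave it alone
    uri = request_uri(m.group(1))
    return uri is not None and WORM_RE.search(uri) is not None

def preview(log_text):
    """Split log text into (dropped, kept) lists of lines."""
    dropped, kept = [], []
    for line in log_text.splitlines():
        if line.strip():
            (dropped if would_be_dropped(line) else kept).append(line)
    return dropped, kept

if __name__ == "__main__":
    dropped, kept = preview(SAMPLE_LOG)
    print(f"{len(dropped)} entries would be dropped, {len(kept)} kept")
    for line in kept:
        print("kept:", line)
```

The pattern is anchored to the end of the path and requires a leading slash, so setup-cmd.exe and /cmd.exe/help stay in the log, while any file that really is named cmd.exe, root.exe or default.ida would be both unlogged and forbidden.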

Categories : Web, Tech