Web Hosting Talk






PDA

View Full Version : grep me out of here!

freakysid
12-09-2001, 06:35 PM
Some months ago, there was a thread about using rewrite rules to prevent the pesky nimbda and code red worms from filling up your error_log with 404 errors. It involved using some rewrite rules to redirect the request elsewhere.

Here is what I ended up using (which I am pretty sure came from this forums):

RewriteCond %{REQUEST_URI} (cmd\.exe) [OR]
RewriteCond %{REQUEST_URI} (root\.exe) [OR]
RewriteCond %{REQUEST_URI} (\.ida) [OR]
RewriteCond %{REQUEST_URI} (Admin\.dll)
RewriteRule ^.*$ /dev/null [L]


OK, so that gets rid of the hits being logged in error_log but they end up in the access_log ! Two questions :)

1) Is there a way to discard these hits and have them not show up in either log?

2) If not, what is a regular expression I could use with grep to filter out those hits from my access_log? I am hopeless at regex, truely lost :p

Thanks
:)
elsmore1
12-09-2001, 08:26 PM
To answer your first question...
You can do something similar to the following if you have the correct apache module loaded.

SetEnvIf REQUEST_URI ".*(default.ida|cmd.exe|root.exe)$" dont_log
...and then make sure you are using CustomLog instead of TransferLog directives for your logfile directive

CustomLog logs/access_log common env=!dont_log

... note the env statement at the end. Modify the parameters as necessary to accomplish your desired task.



Originally posted by freakysid
Some months ago, there was a thread about using rewrite rules to prevent the pesky nimbda and code red worms from filling up your error_log with 404 errors. It involved using some rewrite rules to redirect the request elsewhere.

Here is what I ended up using (which I am pretty sure came from this forums):

RewriteCond %{REQUEST_URI} (cmd\.exe) [OR]
RewriteCond %{REQUEST_URI} (root\.exe) [OR]
RewriteCond %{REQUEST_URI} (\.ida) [OR]
RewriteCond %{REQUEST_URI} (Admin\.dll)
RewriteRule ^.*$ /dev/null [L]


OK, so that gets rid of the hits being logged in error_log but they end up in the access_log ! Two questions :)

1) Is there a way to discard these hits and have them not show up in either log?

2) If not, what is a regular expression I could use with grep to filter out those hits from my access_log? I am hopeless at regex, truely lost :p

Thanks
:)
freakysid
01-28-2002, 07:23 AM
A very belated thanks for your help. Can you believe I am only just getting around to this now!

I am assuming that vBulletin has gobbled up the escape character in your post? That is, in my regex, I would have to escape the . character?

:)