I know it's something trying to get in through webdav, but since I don't have that right now all it does is clogging my access log.
I've searched the net for a solution how to block this in httpd.conf like I did to block code red and some other worms, but it just wont work. It's still getting logged and I'm starting to lean towards a bug in apache.
(and so on. 32797 bytes total being logged per request)
Since I'm already blocking Nimda and Code Red I tried to modify that to be able to block this new one.
I've tried this in httpd.conf:
SetEnvIfNoCase Request_URI "^search" DontLog
SetEnvIfNoCase Request_URI search DontLog
SetEnvIfNoCase Request_URI SEARCH DontLog
and every possible variant. More advanced regexp variants too, but nothing seems to help.
In the error log I see "request failed: URI too long". Is it so that since I get that error it never get cought by SetEnvIf Request_URI? How then can i catch it?
Because I've been sitting with this for a week now and I can't find a single solution when searching the web (though I find many with the same problem) and so far none in the forums I've tried either. A bit frustrating