Re: apache and nimbda

From: Seth Arnold (sarnold@wirex.com)
Date: 01/28/02


Date: Mon, 28 Jan 2002 13:54:05 -0800
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com


On Mon, Jan 28, 2002 at 09:49:51AM -0000, Brian Clifton wrote:
> Is there a way to stop apache responding to .exe file requests altogether?

Probably.

You can do it at the apache level by looking at the <Files> directive.
I'm sure there are other methods, but our firewall is down at the
moment, preventing me from getting to http://www.apache.org/.

You can also try hogwash, which would sit between apache and the outside
world -- at least, if I correctly recall what hogwash does.

Though, I'm curious why the 404 page supplied by apache isn't
sufficient?

> I have been monitoring it since the summer and the number of nimbda
> type entries appears to have started to go up again since xmas...

Be glad you aren't running IIS then. :)

-- 
"I'm not sure which upsets me more: that people are so unwilling
to accept responsibility for their own actions, or that they are
so eager to regulate everyone else's." -- Kee Hinckley