LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Blocking repeating HTTP/1.0 requests w/ Shorewall (https://www.linuxquestions.org/questions/linux-newbie-8/blocking-repeating-http-1-0-requests-w-shorewall-897776/)

stormreactor 08-17-2011 02:59 AM

Blocking repeating HTTP/1.0 requests w/ Shorewall
 
Oookay. For some stupid reason that I cannot comprehend, McAfee Anti-Virus (McSvHost.exe, specifically) on my laptop keeps htting my Apache server with HTTP/1.0 requests and totally JAMS UP my Apache access logs. Why it does this every twelve seconds, no less, is beyond me, but I need to find a way to deny HTTP/1.0 requests on the local network.

While I could conceivably block my laptop IP to port 80 totally, this isn't feasible, as I use my laptop for web dev and need to view my website through the LAN. McAfee also hits with different source ports (it actually moves up the port number chain sequentially), so I can't block it using that either.

Anyway, it would be much appreciated if anyone could help me quickly write up a Shorewall rule that will just block HTTP/1.0 requests on my local network if that's possible (not WAN, 'cause I use that). Any help would be awesome. Thanks all! ^_^

bathory 08-18-2011 03:33 AM

Hi,

I don't know of Shorewall rules, but it's better look in McAfee configuration to try to stop those HTTP requests.
In the meantime, you can set apache logging not to log requests. Assuming your lappy IP is x.x.x.x, you can use:
Code:

SetEnvIf Remote_Addr "x\.x\.x\.x" dontlog
CustomLog access_log combined env=!dontlog

Regards

stormreactor 08-19-2011 01:23 AM

Thanks bathory.

I may have to follow your suggestion after all. I would've preferred it if I could just block the relevant communication packets to stop unnecessary network traffic, but I don't know if Shorewall can look into TCP packets at that depth (although I may be able to make Apache ignore HTTP/1.0 requests from certain IPs, which I should have thought of first—d'oh!).

As for the causal side of things, I've already posted this issue on the McAfee community boards and am still awaiting a response. I'll post any updates if they come my way. Thanks for your help!

--stormreactor


All times are GMT -5. The time now is 08:17 PM.