Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Dear All,
I notice quite a number of these "GET /cgi-bin/php4 HTTP/1.1" 404 210 "-" "-" in my log file. Should I do something about it. Some suggest to comment this part. Will this be effective or any other better solution to this?
Code:
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
It's only 1 method. Others here may have better ones.
Quote:
Originally Posted by newbie14
...Should I do something about it...
Not necessary (it just bugs me no end that they 'try') but 404s are "Not found".
Enough of those could inhibit your server's ability to satisfy valid requests.
Dear Descdendant,
I saw few section with cgi among them is this. So should I just comment all this. Anything else I should set on httpd.conf. Any sample config which you suggest on fail2ban.
Quote:
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
You can configure apache to redirect your error pages to a cdn or another server so as to not service the request more than once for a single request. It is also possible to drop the connection at layer 3 without providing a response. I would look into both options as if a client continues to request the same non-existing article you are wasting your time. You could do this from within script by making comparisons to previous requests from the same location, ip-address exc.. What I would do is perminently drop a user if they don't except at least 1 identifying cookie or redirect with a url encoded authentication code in an http scenerio,
I see many sites that give abusive users a time out. I am unsure if a person would do this with iptables or dynamically change a firewall, you could accomplish this for your website with htaccess or somehow add rules to a dmz on the fly with a dmz that allows that to ensure you are not overworking your server or the intermediate services that allow you to operate effectively.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.