Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Filtering | 26 comments | Create New Account
Click here to return to the 'Filtering' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Filtering
Authored by: jasont on Aug 12, '01 01:27:39PM

If you only have that many codered attempts then you're lucky. I'm definately in a codered II hotspot since it looks for close IP numbers now. I changed my ip to a private one that never had a domain name or webserver on it and within 8 hours I had 53 attacks. I verified this by running the snort filter set, logging the results to mysql, and checking them with snortreport.

So:
SetEnvIf Request_URI "^/default.ida" IDAREQ
CustomLog "/private/var/log/httpd/access_log" common env=!IDAREQ

You could escape the other regexp characters in the regular string, but I'm not putting anything named default.ida on my machine.

-j

[ Reply to This | # ]