regexp for httpd?

Has anyone the regexp for blocking error access to the httpd server? I use FC3. The log file is /var/log/httpd/error_log and it contents is like these:

[Mon Aug 15 11:02:51 2005][error][client xxx.xxx.xxx.xxx] File does not exists: /var/www/html/code
[Mon Aug 15 11:02:51 2005][error][client xxx.xxx.xxx.xxx] File does not exists: /var/www/cgi-bin/test-cgi.bat

I have such scanning attacks every day.
Thank you

not applicable?

I don't think httpd (atleast from Apache) uses hosts_access to allow or deny access, so even if these IPs were blocked, they would still get through to httpd.
[Unless iptables was used to block all traffic.]

Secondly, BlockHosts looks for a number of repeated failures, that would mean that such clients would not be stopped, unless the regexp was very general. But in that case, it may catch some regular users that mis-type the URLs, or may even catch search-engines - if they have bugs in their crawling software.

So, for blocking apache access, other tools may be more appropriate than blockhosts.

Still, if you are interested, here's a start for the regexp - note, not tested:

"HTTPD-FileFail": re.compile(r"""\[error\]\[client (?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\] File does not exists: /var/www/html/code"""),

You can remove the file file at the end (/var/www/html/code) to have this single regexp catch all "File does not exists:" lines.

Thank you very much, I will

Thank you very much, I will try it.

regexp for httpd

Why don't you simply use the mod_rewrite module from Apache to block these accesses? Put something like this in your httpd.conf or in your .htaccess-file (mod_rewrite has to be compiled into Apache and loaded at startup):

RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)(code|test-cgi)(.*) [NC]
RewriteRule .* - [F]
# Or redirect them to their localhost (or wherever you like) with:
RewriteRule .* http://127.0.0.1 [R=301,L]

mod_rewrite is a powerful tool for Apache you can do lots of things with including writing complex rules with regular expressions. Another useful tool for your needs maybe mod_security. Take a look at http://www.modsecurity.org/