[Zope] zope, curious http requests, apache

Jaroslav Lukesh lukesh at seznam.cz
Fri Aug 8 12:24:59 EDT 2003


> From: Stuart Robinson <r.s.robinson at ntlworld.com>
> I'm having my second 'play' with zope, this time round however I've got it
> exposed to the world through port 80 (running on port 80), firewalled
> etc.

hmmm......
 
> I noticed in Zope's output stream in the terminal window this evening a 
> curious "ZServer Bad HTTP request: 'GET 
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%
> u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
> u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0'"
.. 
> which if I'm not mistaken is a deliberate or scripted attack?  

It is a lame attack. My Zope mails me all errors, and exactly these errors are
80% of them. Others think that I have /disk_c or so under my Linux
server :-)))))
 
> 1st question: This is nothing to worry about with zope, right?

Not so much. Sometimes it causes Zope to stop responding or die (on
Windows this occurs 1-2 times per week; under Linux I ran Zope on the wild
Internet without a proxy for one month without a problem :-).

I recommend you put the minimalistic but powerful Pound reverse proxy
in front of it (www.apsis.ch/pound/).

> 2nd question: is running zope behind Apache any help?, and if so (while I 
> appreciate it is not trivial), what sort of things should I look out for?


Yes, it helps, but you could have a potential security problem with Apache.
Use Pound instead if you don't need Apache.

> Does anyone know of an 'everymans[!] guide to setting up apache and not doing
> it the WRONG way'? (sorry that's probably my quota of questions tonight I
> know!) :-)

Yes, today I found that info in the early morning somewhere at
www.zopera.org (I think, not sure), but it is in French.

But I think that this info is on zope.org too; use Google to search for
it. I mean the old Zope site, not the new one, because the new site has problems
with the howto and products sections (it shows only the first 100 instead of all).

Regards JL.
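
One way to measure how much of the rejected-request noise is this single probe pattern, which the reply above estimates informally. This is an added example, not code from the thread or from Zope; the log prefix is taken from the quoted message, while the thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re

# Prefix and quoting as they appear in the ZServer message quoted in the post.
BAD_REQ = re.compile(r"ZServer Bad HTTP request: '(.*)'")
PCT_U = re.compile(r"%u[0-9a-fA-F]{4}")   # %uXXXX is not standard URL percent-encoding
FILLER = re.compile(r"(.)\1{63,}")        # one character repeated 64 or more times


def classify(request_line):
    """Return the reasons a rejected request line looks like an automated probe."""
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else request_line
    path, _, query = target.partition("?")
    reasons = []
    if path.lower().endswith(".ida"):
        reasons.append("ida-path")
    if FILLER.search(query):
        reasons.append("long-filler")
    if len(PCT_U.findall(query)) >= 4:
        reasons.append("pct-u-escapes")
    return reasons


def summarise(log_lines):
    """Count rejected requests and how many of them match the probe pattern."""
    total = probes = 0
    for line in log_lines:
        m = BAD_REQ.search(line)
        if not m:
            continue
        total += 1
        # Require two independent signals to keep false positives low.
        if len(classify(m.group(1))) >= 2:
            probes += 1
    return probes, total


# Constructed sample lines (filler length and %u values are made up, not a real payload).
SAMPLE_LOG = [
    "ZServer Bad HTTP request: 'GET /default.ida?" + "X" * 224 + "%u4141" * 6 + "=a  HTTP/1.0'",
    "ZServer Bad HTTP request: 'GET /default.ida?" + "N" * 224 + "%u4141" * 6 + "=a  HTTP/1.0'",
    "ZServer Bad HTTP request: 'GET /index_html HTTP/9.9'",
    "2003-08-08T12:00:00 INFO ZServer HTTP server started",
]

if __name__ == "__main__":
    probes, total = summarise(SAMPLE_LOG)
    print(f"{probes} of {total} rejected requests match the probe pattern")
```

The same classifier can run in front of Zope, for example on the reverse proxy's log, to confirm the probes are being dropped before they reach ZServer.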


