<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1226" name=GENERATOR></HEAD>
<BODY style="MARGIN-TOP: 2px; FONT: 10pt Arial; MARGIN-LEFT: 2px">
<DIV>While viewing the logs (/var/log/httpd/access.log) and seeing a lot of MS 
hoax e-mails being deleted by MailMonitor, I'm wondering whether it is possible to block 
certain sites from accessing the web server. Unlike mail servers, where one 
can set up blacklist/blackhole/RBL lists, is there such a service for web 
servers?</DIV>
<DIV>I've noticed the following:</DIV>
<DIV> </DIV>
<DIV>/var/log/httpd/error.log</DIV>
<DIV>[Sat Sep 20 10:01:12 2003] [error] [client 61.139.60.84] File does not 
exist: /var/www/html/tmpad/banner/itrack.asp<BR>[Sat Sep 20 10:01:13 2003] 
[error] [client 61.139.60.84] File does not exist: /var/www/html/a.htm<BR>[Sat 
Sep 20 10:01:22 2003] [error] [client 210.83.18.98] File does not exist: 
/var/www/html/search.php<BR>[Sat Sep 20 10:01:35 2003] [error] [client 
61.139.60.84] File does not exist: /var/www/html/Affiliate/SB/search1.js</DIV>
<DIV> </DIV>
<DIV><BR>[Sat Sep 20 10:03:19 2003] [error] [client 61.139.60.84] File does not 
exist: /var/www/html/tmpad/banner/itrack.asp<BR>[Sat Sep 20 10:03:23 2003] 
[error] [client 220.113.13.11] File does not exist: 
/var/www/html/tmpad/banner/itrack.asp<BR>[Sat Sep 20 10:03:26 2003] [error] 
[client 61.139.60.84] File does not exist: 
/var/www/html/tmpad/banner/itrack.asp<BR>[Sat Sep 20 10:03:28 2003] [error] 
[client 61.139.60.84] File does not exist: 
/var/www/html/tmpad/banner/itrack.asp<BR>[Sat Sep 20 10:03:35 2003] [error] 
[client 203.234.247.253] File does not exist: /var/www/html/default.ida<BR>[Sat 
Sep 20 10:04:02 2003] [error] [client 220.173.238.48] File does not exist: 
/var/www/html/.sbean<BR>[Sat Sep 20 10:04:37 2003] [error] [client 
220.173.238.48] File does not exist: /var/www/html/ad.php<BR></DIV>
<DIV>I know there was an error in http.conf where the ProxyPass was set to ON, and 
this caused spamming through the web server to the mail server. But this 
has been fixed.</DIV>
<DIV> </DIV>
<DIV>/var/log/httpd/access.log</DIV>
<DIV>220.113.13.11 - - [20/Sep/2003:10:08:04 +0800] "GET <A 
href="http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2870">http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2870</A> 
HTTP/1.0" 404 217<BR>221.pool0.dsltokyo.att.ne.jp - - [20/Sep/2003:10:08:26 
+0800] "GET / HTTP/1.1" 200 
9515<BR>public2-runc2-5-cust118.manc.broadband.ntl.com - - [20/Sep/2003:10:08:26 
+0800] "GET / HTTP/1.1" 200 9515<BR>61.139.60.84 - - [20/Sep/2003:10:08:37 
+0800] "GET <A 
href="http://www.trlweb.com/a.htm">http://www.trlweb.com/a.htm</A> HTTP/1.0" 404 
199<BR>210.83.18.98 - - [20/Sep/2003:10:09:01 +0800] "POST <A 
href="http://sleuth-hound.com:80/search.php">http://sleuth-hound.com:80/search.php</A> 
HTTP/1.0" 404 204<BR>220.113.13.11 - - [20/Sep/2003:10:09:22 +0800] "GET <A 
href="http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2821">http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2821</A> 
HTTP/1.0" 404 217<BR>210.83.18.98 - - [20/Sep/2003:10:09:24 +0800] "POST <A 
href="http://sleuth-hound.com:80/search.php">http://sleuth-hound.com:80/search.php</A> 
HTTP/1.0" 404 204<BR>61.139.60.84 - - [20/Sep/2003:10:09:43 +0800] "GET <A 
href="http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=896">http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=896</A> 
HTTP/1.0" 404 217</DIV>
<DIV> </DIV>
<DIV>The ones I'm questioning are:</DIV>
<DIV>221.pool0.dsltokyo.att.ne.jp - - [20/Sep/2003:10:08:26 +0800] "GET / 
HTTP/1.1" 200 9515<BR>public2-runc2-5-cust118.manc.broadband.ntl.com - - 
[20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515<BR></DIV>
<DIV>These may or may not be legit entries; is there a way to tell other than 
bringing those sites up?</DIV>
<DIV> </DIV>
<DIV>Any ideas what I can do?</DIV>
<DIV> </DIV>
<DIV>Jon</DIV>
<DIV> </DIV>
<DIV>Jon L. Miller, MCNE, CNS<BR>Director/Sr Systems Consultant<BR>MMT Networks 
Pty Ltd<BR><A 
href="http://www.mmtnetworks.com.au">http://www.mmtnetworks.com.au</A></DIV>
<DIV> </DIV>
<DIV>"I don't know the key to success, but the key to failure<BR> is trying 
to please everybody." -Bill Cosby</DIV>
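<DIV>The access.log entries above whose request target is a full URL for another host are requests that treat the server as a forward proxy, while "GET /" is an ordinary request for this site. The Python script below is an added example, not part of the original message: it separates the two kinds of entry and flags any proxy-style request that was answered with a 2xx/3xx status. OWN_HOSTS and the last sample line are assumed placeholders.</DIV>

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) \S+$')
ABSOLUTE = re.compile(r'^[a-z][a-z0-9+.-]*://([^/?#]*)', re.I)

# Assumption: names this server legitimately answers to (placeholder value).
OWN_HOSTS = {"www.example.org"}

def classify(line, own_hosts=OWN_HOSTS):
    """Return (client, verdict) for one access-log line."""
    m = CLF.match(line.strip())
    if not m:
        return (None, "unparsed")
    client, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
    if method != "CONNECT":
        absolute = ABSOLUTE.match(target)
        if not absolute:
            return (client, "normal")          # origin-form: "/", "/index.html"
        # Strip userinfo and port from the authority before comparing.
        name = absolute.group(1).rsplit("@", 1)[-1].split(":")[0].lower()
        if name in own_hosts:
            return (client, "normal")          # absolute URL naming this server
    # Request for some other host: the client is treating us as a forward proxy.
    # 2xx/3xx means it was answered, so proxying may still be enabled.
    return (client, "proxy-refused" if status >= 400 else "proxy-served")

def summarize(lines):
    """Count verdicts per client so repeat offenders stand out."""
    return Counter(classify(l) for l in lines if l.strip())

# First four lines are from the message above; the last one is constructed
# to show what a still-open proxy would look like.
SAMPLE = """\
220.113.13.11 - - [20/Sep/2003:10:08:04 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2870 HTTP/1.0" 404 217
221.pool0.dsltokyo.att.ne.jp - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
210.83.18.98 - - [20/Sep/2003:10:09:01 +0800] "POST http://sleuth-hound.com:80/search.php HTTP/1.0" 404 204
61.139.60.84 - - [20/Sep/2003:10:09:43 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=896 HTTP/1.0" 404 217
192.0.2.10 - - [20/Sep/2003:10:10:00 +0800] "GET http://other.example/ HTTP/1.0" 200 512
""".splitlines()

if __name__ == "__main__":
    for (client, verdict), n in sorted(summarize(SAMPLE).items(), key=str):
        print(f"{client:32} {verdict:14} {n}")
```

<DIV>A "proxy-refused" verdict with a 404, as in the logged entries, means the request was treated as a local path and not forwarded; any "proxy-served" line is the one to investigate.</DIV>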
<DIV> </DIV>
<DIV> </DIV></BODY></HTML>