From OSSEC Wiki

Jump to: navigation, search

[11-28-2002 - 08:31:41] ---------------- Initializing UrlScan.log ----------------

[11-28-2002 - 08:31:41] -- Filter initialization time: [11-28-2002 - 08:31:41] --

[11-28-2002 - 08:31:41] ---------------- UrlScan.dll Initializing ----------------

[11-28-2002 - 08:31:41] UrlScan will return the following URL for rejected requests: "/"

[11-28-2002 - 08:31:41] URLs will be normalized before analysis.

[11-28-2002 - 08:31:41] URL normalization will be verified.

[11-28-2002 - 08:31:41] URLs must contain only ANSI characters.

[11-28-2002 - 08:31:41] Only the following verbs will be allowed (case sensitive):

[11-28-2002 - 08:31:41] 'GET'

[11-28-2002 - 08:31:41] 'HEAD'

[11-28-2002 - 08:31:41] 'POST'

[11-28-2002 - 08:31:41] 'PROPFIND'

[11-28-2002 - 08:31:41] 'LOCK'

[11-28-2002 - 08:31:41] 'OPTIONS'

[11-28-2002 - 08:31:41] Requests for following extensions will be rejected:

[11-28-2002 - 08:31:41] '.bat'

[11-28-2002 - 08:31:41] '.cmd'

[11-28-2002 - 08:31:41] '.com'

[11-28-2002 - 08:31:41] '.htw'

[11-28-2002 - 08:31:41] '.ida'

[11-28-2002 - 08:31:41] '.idq'

[11-28-2002 - 08:31:41] '.htr'

[11-28-2002 - 08:31:41] '.idc'

[11-28-2002 - 08:31:41] '.shtml'

[11-28-2002 - 08:31:41] '.stm'

[11-28-2002 - 08:31:41] '.printer'

[11-28-2002 - 08:31:41] '.log'

[11-28-2002 - 08:31:41] '.pol'

[11-28-2002 - 08:31:41] '.dat'

[11-28-2002 - 08:31:41] Requests containing the following character sequences will be rejected:

[11-28-2002 - 08:31:41] '..'

[11-28-2002 - 08:31:41] './'

[11-29-2002 - 15:22:37] Client at 24.69.73.3: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/mail.exe/2001¤ë¾ä.jpg'

[11-29-2002 - 15:22:47] Client at 24.69.73.3: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/mail.exe/2001¤ë¾ä.jpg'

[11-29-2002 - 21:15:17] Client at 24.67.253.204: URL contains extension '.com', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts/www.the5yearjournal.com'

[12-02-2002 - 09:52:33] Client at 142.27.68.15: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/mail.exe/2001%C2%A4%C3%AB%C2%BE%C3%A4.jpg'

[12-02-2002 - 09:52:43] Client at 142.27.68.15: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/mail.exe/2001%C2%A4%C3%AB%C2%BE%C3%A4.jpg'

[12-02-2002 - 09:52:52] Client at 142.27.68.15: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/mail.exe/2001%C2%A4%C3%AB%C2%BE%C3%A4.jpg'

[12-02-2002 - 09:52:58] Client at 142.27.68.15: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/mail.exe/2001%C2%A4%C3%AB%C2%BE%C3%A4.jpg'

Taken From log example posted [1] here

Retrieved from "http://www.ossec.net/wiki/index.php/Log_Samples_URLScan"
Views
Personal tools