Detecting wget in querystring using apache conf
A major problem i have is hackers gain entry to servers using wget in the querystring of badly written scripts. Now what I am trying to do is log all accesses with "wget" in the querystring... I am wondering if anyone know how to do this in apache?
So far I have comeup with this:
LogFormat "%h %l %u %t \"%v %r\" %>s %b" wgetlog
SetEnvIfNoCase REQUEST_URI "wget" wgetenv
CustomLog logs/wget.log wgetlog env=wgetenv
This does log queries if wget is actually in the requested url but not the querystring :-( Does anyone know a workaround?
I also tried this:
SetEnv URL "%r"
LogFormat "%h %l %u %t \"%v %r\" %>s %b" wgetlog
SetEnvIfNoCase URL "wget" wgetenv
CustomLog logs/wget.log wgetlog env=wgetenv
Any suggestions?
