Tony Olekshy wrote, on 2025-02-24 at 11:32 MST:
>
> Our Apache httpd.conf is configured to include these lines for
> blocking requests from a list of IP addresses without logging
> them — in this order and mixed with other lines — yet some such
> requests are logged anyway:
>
&g
/file%3a/etc%2fpasswd%00
/%0d%0aSet-Cookie:crlfinjection=1;
/cgi-bin.%2e/.%2e/.%2e/.%2e/bin/sh
//%2f..=%5c..=%5c..=%5cetc%5cpasswd%00
Why is that happening, and what can we do to prevent logging of
those requests too, when they arrive from a blocked IP address?
Sincerely
