Web log spam - enumerate acceptable paths?

Hi,

I need to have RT exposed to the Internet because my users are all over the place. This results in a large amount of scanning activity from bots that then produce lots of logging about things like “Marking original destination as having side-effects” etc.

I think if I blocked the request paths in Apache before RT ever saw the request then this would avoid the logging.

Rather than reactively trying to block every bad pattern, perhaps it would be easier to know the prefix of every expected “good” request path and allow those, blocking everything else. Is such a list known? That is, every HTTP request path that is expected to end up at RT’s fastcgi?

RT is the only thing I have on the host name in question.

Thanks,
Andy

From log analysis of good requests I am going with the following list of URL prefixes at the moment:

/
/Admin/
/Helpers/
/NoAuth/
/Prefs/
/REST/
/Search/
/Ticket/
/User/
/static/
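
As an added example, not part of the thread or of RT's own code: a dry run that replays access-log lines against the prefix list above before it is enforced in Apache, reporting which request paths would be blocked. The sample log lines are constructed, and treating "/" as an exact match rather than a prefix is an assumption.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Prefixes from the post above. "/" is taken as an exact match (assumption):
# as a prefix it would allow every path.
ALLOWED_PREFIXES = ("/Admin/", "/Helpers/", "/NoAuth/", "/Prefs/", "/REST/",
                    "/Search/", "/Ticket/", "/User/", "/static/")
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def normalize(target):
    """Drop the query string, percent-decode once, collapse dot segments."""
    path = unquote(target.split("?", 1)[0])
    norm = posixpath.normpath("/" + path.lstrip("/"))
    if path.endswith("/") and norm != "/":
        norm += "/"  # normpath strips the trailing slash; the prefixes need it
    return norm

def is_allowed(target):
    path = normalize(target)
    return path == "/" or path.startswith(ALLOWED_PREFIXES)

def dry_run(log_lines):
    """Return (allowed count, Counter of normalized paths that would be blocked)."""
    allowed, blocked = 0, Counter()
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_allowed(m.group(1)):
            allowed += 1
        else:
            blocked[normalize(m.group(1)) if m else "<unparseable>"] += 1
    return allowed, blocked

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /static/css/main.css HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /Ticket/Display.html?id=42 HTTP/1.1" 200 8000',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "POST /REST/1.0/ticket/new HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 404 300',
    '198.51.100.7 - - [01/Jan/2024:10:02:01 +0000] "GET /static/%2e%2e/.env HTTP/1.1" 404 300',
    '192.0.2.12 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    allowed, blocked = dry_run(SAMPLE_LOG)
    print(f"allowed: {allowed}")
    for path, hits in blocked.most_common():
        print(f"would block {hits:>4}  {path}")
```

Blocked paths that returned a 2xx status in the real log are the ones to review before enforcing the list, since they may be legitimate requests the list does not cover.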