I have written before about the logs for the Nimda worm's cmd.exe, root.exe and similar requests;
this time, let's keep them out of the error log.
In httpd.conf, add the following under <IfModule mod_alias.c>:
RedirectMatch (.*)root.exe$ http://NimdaIsNotForMe.invalid$1

RedirectMatch (.*)cmd.exe$ http://NimdaIsNotForMe.invalid$1

Below is the original mail received from the netfilter mailing list.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Here is a way to stop logging Nimda attacks on Apache.
Modify/add in httpd.conf

- for access log - don't log any request attempts made by nimda :
SetEnvIf Request_URI cmd.exe|root.exe nimda
Customlog /../../access_log common env=!nimda

- for error log - don't log and don't send any 404 error page to nimda :
Add in
<IfModule mod_alias.c>
RedirectMatch (.*)root.exe$ http://NimdaIsNotForMe.invalid$1
RedirectMatch (.*)cmd.exe$ http://NimdaIsNotForMe.invalid$1
</IfModule>

That's all.

Unfortunately I can't use
iptables -A INPUT -i eth0 -j filt_match -d $EXTERNAL -m string
--string "cmd.exe" -p tcp --dport 80
It makes an error? (it is not implemented in iptables v1.2.1?)
Is it a good way? With this rule can I read a web page that talks about nimda?
I don't think so...

Regards
Jean
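
An added example (not part of the original post or the quoted mail): a Python model of how the SetEnvIf and RedirectMatch patterns above match request paths, run on constructed request lines, showing that the unescaped, unanchored patterns also catch benign URLs. The TIGHT pattern and every sample request are assumptions made for illustration, and Python's re module stands in for Apache's regex engine.

```python
import re

# Patterns exactly as written on the page (unescaped dots, no path anchoring).
PAGE_SETENVIF = re.compile(r"cmd.exe|root.exe")
PAGE_REDIRECT = [re.compile(r"(.*)root.exe$"), re.compile(r"(.*)cmd.exe$")]

# Assumption, not from the page: a tighter variant that only matches a final
# path segment named exactly cmd.exe or root.exe.
TIGHT = re.compile(r"/(cmd|root)\.exe$")

# Constructed sample request lines (not taken from any real log).
SAMPLES = [
    "GET /scripts/root.exe?/c+dir HTTP/1.0",
    "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /articles/cmd.exe-and-nimda.html HTTP/1.1",
    "GET /downloads/mycmd.exe HTTP/1.1",
    "GET /notes/rootXexe HTTP/1.1",
    "GET /index.html HTTP/1.1",
]

def url_path(request_line):
    """Return the request target without its query string."""
    target = request_line.split()[1]
    return target.split("?", 1)[0]

def evaluate(request_line):
    """Model both directives as an unanchored regex search on the URL path
    (assumption: the query string is not part of what is matched)."""
    path = url_path(request_line)
    return {
        "skipped_in_access_log": bool(PAGE_SETENVIF.search(path)),
        "redirected": any(p.search(path) for p in PAGE_REDIRECT),
        "tight_match": bool(TIGHT.search(path)),
    }

def overmatched(samples=SAMPLES):
    """Paths the page's patterns act on but the tight pattern leaves alone."""
    out = []
    for line in samples:
        r = evaluate(line)
        if (r["skipped_in_access_log"] or r["redirected"]) and not r["tight_match"]:
            out.append(url_path(line))
    return out

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{url_path(line):40} {evaluate(line)}")
    print("over-matched:", overmatched())
```

The three over-matched paths are requests that would silently disappear from the access log or be redirected even though they are not the worm's probes.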
