06-07-2004
Sundaram Ramasamy
 
Re: Detecting hacking attempts - what should browsers *not* request?

"Stuart Miller" <stuart_miller@shaw.ca> wrote in message news:<5ZPuc.636250$Ig.470757@pd7tw2no>...
> "Dr. David Kirkby" <see_my_signature_for_my_real_address@hotmail.com> wrote
> in message news:c99d2c79.0405311519.4b6c19c@posting.google.com...
> >
> > Whether or not blocking IP addresses that appear to be doing something
> > you don't like is of course debatable. I'm sure if someone can spoof
> > their IP address, they could create a DOS attack in this way.

>
> Blocking IP addresses may not be a solution to your issue.
>
> Most individuals who would be mounting attacks have 'temporary' IP
> addresses, in that they are on DHCP from their provider. Therefore, the same
> individual could be back next week, using the same 'robot' from a different
> address. Also, you could end up with a very long 'deny' list, and end up
> locking out people who should have access as they rotate through available
> IP addresses.
>
> If your material is very 'restricted' you may want to consider using the
> 'allow from' directive instead. As I see it, if you want to put the material
> out there for the world to see, you run the risk of being probed for
> weaknesses.
>
> You also may want to consider if it is the system you want to protect, or
> the data you are serving. There would be different approaches depending on
> which it is.
>
> Stuart



To block this kind of URL you need to install content-inspection
firewall software. It examines each incoming URL request and blocks it
if it is not a valid HTTP address.

To stop the log messages you can create a dummy file with that name
(root.exe, cmd.exe … etc.)

-Sundaram
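
The URL check described in the post above, sketched over access-log lines as an added example (not code from the thread). The log lines and addresses are constructed, the Apache common log format is assumed, and `PROBE_NAMES`, `is_probe` and `scan` are illustrative names. It matches on the requested file name rather than the response status, so it still reports the requests when dummy files make the server answer 200 instead of 404.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# File names mentioned in the post; extend for your own site (assumption).
PROBE_NAMES = {"root.exe", "cmd.exe"}

# Constructed sample in Apache common log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Jun/2004:10:01:02 +0000] "GET /scripts/root.exe?q HTTP/1.0" 404 276
192.0.2.10 - - [07/Jun/2004:10:01:03 +0000] "GET /scripts/CMD.EXE?q HTTP/1.0" 404 276
198.51.100.7 - - [07/Jun/2004:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [07/Jun/2004:10:03:00 +0000] "GET /MSADC/root.exe?q HTTP/1.0" 200 0
198.51.100.7 - - [07/Jun/2004:10:04:00 +0000] "GET /docs/cmd.exe.html HTTP/1.1" 200 812
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})\b')


def is_probe(target):
    """True if the last path segment is one of the probe file names."""
    path = unquote(target.split("?", 1)[0])          # drop query, decode %xx once
    last = path.replace("\\", "/").rsplit("/", 1)[-1]
    return last.lower() in PROBE_NAMES               # Windows names ignore case


def scan(log_text):
    """Return {client_ip: [(request_target, status), ...]} for probe requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:                                # skip lines we cannot parse
            continue
        ip, _method, target, status = m.groups()
        if is_probe(target):
            hits[ip].append((target, int(status)))
    return dict(hits)


if __name__ == "__main__":
    for ip, requests in scan(SAMPLE_LOG).items():
        print(ip, len(requests), "probe request(s):", requests)
```

The per-address grouping is for reporting; as the quoted replies note, source addresses change, so the report says more about what is being requested than about who to deny.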