How to block malformed requests to Apache

apache-2.2 block

I'd like to block malformed requests like these:

79.26.188.208 - - [05/Apr/2011:13:47:38 +0200] "\xae\xe1\x0fi\xca\xeba\xdfm\x9d\xb5\xc0yr-n\x05Z\x9f\xa7\x05\xa1g" 200 4855 "-" "-"
82.51.130.83 - - [05/Apr/2011:18:25:38 +0200] "T\xd0\xc55\xc3A\xcd\xd0" 200 4855 "-" "-"

What is the preferred method?


Solution 1:

mod_security is useful for blocking many of these requests.

It detects known exploit patterns and blocks them.

Solution 2:

Following Mikel's lead I added this mod_security rule

SecRule REQUEST_METHOD "!^(?:GET|HEAD|OPTIONS|POST|CONNECT)$"

and now only legitimate requests pass through.

Related

problems when openvpn server is not the default gateway
Remote Desktop Users via Group Policy Server 2008
Setting the IP address that the SMTP service uses in Windows Server 2008
(OS X 10.6) ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
User directory permissions on SSH server
TCP packet filter based on TCP sequence
Redirect all traffic on my network to a welcome page [closed]
How can I prevent hotlinking? (nginx)
SSL Cert Vendors
What's the opposite of "cost" when downgrading and you get some of the money back?
Word for repairing something in a way that changes its function
Synonym for "daily" of Latin origin?