Forum OpenACS Q&A: Response to How to bypass rp_filter: Nimba Worm
The problem was that I wasn't catching all the worms, only those matching
/scripts/*. Replacing the filter glob to
/*.exe, allowed me to catch all worm attempts. If you are using my filter, or the original by Jim, I would recommend the change. Also, if you are using ACS, you must use a trace filter as well, otherwise you will run the risk of numerous db errors showing up in your log file. The global var I used probably isn't necessary.