Re: What is a request for dash ("-")?

Hi,

On Sun, Apr 26, 2020 at 3:43 AM Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>
> What is this request I see in the logs:
>
>   186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
>   186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -

If you are using the default LogFormat (i.e. "common"), the "-" here
is the request line ("%r" format).
A dash means not available (n/a), and 408 means timeout (request line
not received within the configured Timeout).

>
> The reason I ask is, we have a MediaWiki attached to Apache. It gets
> quite a bit of spam attempts. If it is not a legitimate request, then
> I'd like to ban the host. I suspect it is some kind of probe, but I'd
> like to know for sure before I take action.

I don't think you should ban users for a timeout; while it can be
malicious (a try to exhaust resources on your server), it's more
likely a network issue (anywhere between the user and your server). In
any case it's not spam, you'd need some kind of content analysis to
detect spam, but here there is no content to look at.
If there is a need to limit resources usage caused by timeouts or
(maliciously-)slow clients, you should have a look at AcceptFilter
([1]) and/or mod_reqtimeout ([2]).

Regards,
Yann.

[1] https://httpd.apache.org/docs/2.4/mod/core.html#acceptfilter
[2] https://httpd.apache.org/docs/2.4/en/mod/mod_reqtimeout.html
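
The distinction drawn in the reply above, between an occasional timeout and a host that keeps opening connections without sending a request line, can be checked from the access log before deciding on any action. The following is an added example, not part of the original thread: the log lines are constructed (documentation-range addresses), and the function names, the 5-minute window and the threshold of 5 are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: %h %l %u %t "%r" %>s %b
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) (\S+)')

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
192.0.2.10 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
192.0.2.10 - - [25/Apr/2020:21:36:02 -0400] "GET /wiki/Main_Page HTTP/1.1" 200 5120
198.51.100.7 - - [25/Apr/2020:22:00:01 -0400] "-" 408 -
198.51.100.7 - - [25/Apr/2020:22:00:11 -0400] "-" 408 -
198.51.100.7 - - [25/Apr/2020:22:00:21 -0400] "-" 408 -
198.51.100.7 - - [25/Apr/2020:22:00:31 -0400] "-" 408 -
198.51.100.7 - - [25/Apr/2020:22:00:41 -0400] "-" 408 -
198.51.100.7 - - [25/Apr/2020:22:00:51 -0400] "-" 408 -
203.0.113.5 - - [25/Apr/2020:22:10:00 -0400] "GET /robots.txt HTTP/1.1" 200 68
"""

def parse(line):
    """Return (host, timestamp, request_line, status) or None if not CLF."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, ts, request, status, _size = m.groups()
    return host, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), request, int(status)

def summarize(lines, window=timedelta(minutes=5), threshold=5):
    """Per host with "-" 408 entries: timeout count, other requests, and
    whether at least `threshold` timeouts fall inside one `window`."""
    timeouts, others = defaultdict(list), defaultdict(int)
    for rec in filter(None, map(parse, lines)):
        host, when, request, status = rec
        if request == "-" and status == 408:
            timeouts[host].append(when)   # no request line arrived in time
        else:
            others[host] += 1             # host also sent real requests
    report = {}
    for host, stamps in timeouts.items():
        stamps.sort()
        start, sustained = 0, False
        for end in range(len(stamps)):    # sliding window over timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            sustained = sustained or (end - start + 1 >= threshold)
        report[host] = {"timeouts": len(stamps), "other": others[host],
                        "sustained": sustained}
    return report

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG.splitlines()).items():
        print(host, info)
```

A host that shows a couple of timeouts alongside normal requests fits the network-issue reading; a sustained run with no real requests is the case where AcceptFilter or mod_reqtimeout tuning is worth looking at.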
