On Sun, Apr 26, 2020 at 7:26 AM Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>
> On Sun, Apr 26, 2020 at 3:43 AM Jeffrey Walton <noloader@xxxxxxxxx> wrote:
> >
> > What is this request I see in the logs:
> >
> > 186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
> > 186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
>
> If you are using the default LogFormat (i.e. "common"), the "-" here
> is the request line ("%r" format).
> A dash means not available (n/a), and 408 means timeout (request line
> not received within the configure Timeout).
>
> >
> > The reason I ask is, we have a MediaWiki attached to Apache. It gets
> > quite a bit of spam attempts. If it is not a legitimate request, then
> > I'd like to ban the host. I suspect it is some kind of probe, but I'd
> > like to know for sure before I take action.
>
> I don't think you should ban users for a timeout, while it can be
> malicious (a try to exhaust resources on your server), it's more
> likely a network issue (anywhere between the user and you server). In
> any case it's not spam, you'd need some kind on content analysis to
> detect spam, but here there is no content to look at.
> If there is a need to limit resources usage caused by timeouts or
> (maliciously-)slow clients, you should have a look at AcceptFilter
> ([1]) and/or mod_reqtimeout ([2]).
Thanks Yann.
It sounds like I should leave it alone. The miscreants will show their
head in other ways. I'll wait for another sign of their shenanigans.
Jeff
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|