Dear all,

Hi. This is imacat from Taiwan. After upgrading to Apache 2.2, the access_log of my SSL virtual host is flooded with numerous records like these:

...............
127.0.0.1 - - [19/Mar/2007:15:00:18 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:19 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:20 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:21 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:34:10 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:39 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:42 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:43 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:47 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:48 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:50 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:54 +0800] "GET /" 400 663
...............

I have searched the Apache 2.2 documentation, the Apache Users' list, the Apache Developers' list and the Apache source files, and confirmed that it is from ssl_io_filter_error() in modules/ssl/ssl_engine_io.c, as a result of the client making an HTTP request on an HTTPS port. However, I have two questions:

First, why does it need to do so, making an internal request? What will happen if it does not do so? Couldn't it just return an HTTP 400 Bad Request response to the user?

The second and strangest thing is that nobody is actually making such an HTTP on HTTPS request! Not only that, this is our internal server that no one outside can reach. If I make such an HTTP on HTTPS request, I get the following result:

imacat@atlas ~ % lynx -dump http://172.16.168.195:443/
Bad Request
....
imacat@atlas ~ % tail -n 1 /var/log/apache/ssl/access_log
172.16.168.195 - - [19/Mar/2007:16:54:27 +0800] "GET /" 400 663 "-" "-" "-" 172.16.168.195 __
imacat@atlas ~ %

This confirms that it logs my IP. So the line:

127.0.0.1 - - [19/Mar/2007:15:00:18 +0800] "GET /" 400 663

must be from 127.0.0.1, localhost. But there is nothing constantly checking the host on a wrong port on the host itself. Even if there were, it can't possibly be on all my Apache 2.2 hosts!

Could someone tell me where these internal requests are from? Where can I shut them down? Thank you very much for your time in advance.

--
imacat ^_*'
imacat@xxxxxxxxxxxxxxxxxx
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

Tavern IMACAT's http://www.imacat.idv.tw/
Woman's Voice http://www.wov.idv.tw/
TLUG List Manager http://www.linux.org.tw/mailman/listinfo/tlug
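Added example, not part of the original message and not Apache's own code: a small triage script that groups the 400 records of the shape shown above (a request line with no HTTP version) by logged client address, marks loopback sources, and reports the count and time span for each. The sample lines, the 172.16.168.20 entry and the function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the two shapes seen in the post: the short loopback
# records and the longer record produced by the lynx test, plus one normal hit.
SAMPLE = """\
127.0.0.1 - - [19/Mar/2007:15:00:18 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:19 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:34:10 +0800] "GET /" 400 663
172.16.168.195 - - [19/Mar/2007:16:54:27 +0800] "GET /" 400 663 "-" "-" "-"
172.16.168.20 - - [19/Mar/2007:16:55:01 +0800] "GET /index.html HTTP/1.1" 200 1024
""".splitlines()

# Leading fields of the common log format; extra trailing fields are ignored.
LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

def is_loopback(client):
    try:
        return ipaddress.ip_address(client).is_loopback
    except ValueError:  # a hostname was logged instead of an address
        return client == "localhost"

def bad_request_sources(lines):
    """Map client -> loopback flag, count, first and last time of 400
    responses whose logged request line carries no HTTP version."""
    sources = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "400" or " HTTP/" in m["request"]:
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = sources.setdefault(m["client"], {
            "loopback": is_loopback(m["client"]),
            "count": 0, "first": when, "last": when})
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return sources

if __name__ == "__main__":
    for client, e in sorted(bad_request_sources(SAMPLE).items()):
        print(f"{client:15} loopback={e['loopback']} count={e['count']} "
              f"{e['first']} .. {e['last']}")
```

Run against the real access_log by passing an open file object instead of SAMPLE; a loopback source with a steady count over time points at something on the host itself rather than a remote client.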